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A  FASTER-THAN  RELATION  FOR  ASYNCHRONOUS  PROCESSES 


GERALD  LUTTGENt  AND  WALTER  VOGLERi 

Abstract.  This  paper  introduces  a  novel  (bi) simulation-based  faster-than  preorder  which  relates  asyn¬ 
chronous  processes  with  respect  to  their  worst-case  timing  behavior.  The  studies  are  conducted  for  a 
conservative  extension  of  the  process  algebra  CCS,  called  TAGS,  which  permits  the  specification  of  maximal 
time  bounds  of  actions.  TAGS  complements  work  in  plain  process  algebras  which  compares  asynchronous 
processes  with  respect  to  their  functional  reactive  behavior  only,  and  in  timed  process  algebras  which  focus 
on  analyzing  synchronous  processes.  The  most  unusual  contribution  of  this  paper  is  in  showing  that  the  pro¬ 
posed  faster-than  preorder  coincides  with  two  other  and  at  least  equally  appealing  preorders,  one  of  which 
considers  the  absolute  times  at  which  actions  occur  in  system  runs.  The  paper  also  develops  the  semantic 
theory  of  TAGS:  it  characterizes  the  largest  precongruence  contained  in  the  faster-than  preorder,  presents 
an  axiomatization  in  a  fragment  of  the  algebra,  and  investigates  a  corresponding  weak  faster-than  preorder. 
A  small  example  relating  two  implementations  of  a  simple  storage  system  testifies  to  the  practical  utility  of 
the  new  theory. 

Key  words,  asynchronous  systems,  bisimulation,  faster-than  preorder,  process  algebra,  timing  behavior 

Subject  classification.  Gomputer  Science 

1.  Introduction.  Process  algebras  [7,  8,  18,  21,  26]  provide  a  widely  studied  framework  for  reasoning 
about  the  behavior  of  concurrent  systems.  Early  approaches,  including  Milner’s  Calculus  of  Communicating 
Systems  (GGS)  [26],  focused  on  semantic  issues  of  asynchronous  processes,  where  the  relative  speeds  between 
processes  running  in  parallel  are  not  bounded,  i.e.,  one  process  may  be  arbitrarily  slower  or  faster  than 
another.  This  leads  to  a  simple  and  mathematically  elegant  semantic  theory  analyzing  the  functional  behavior 
of  systems  regarding  their  causal  interactions  with  their  environments.  To  include  time  as  an  aspect  of  system 
behavior,  timed  process  algebras  [5,  19,  28,  32,  34,  38]  were  introduced.  They  usually  model  synchronous 
systems  where  processes  running  in  parallel  are  under  the  regime  of  a  common  global  clock  and  have  a 
fixed  speed.  A  well-known  representative  of  discrete  timed  process  algebras  is  Hennessy  and  Regan’s  Timed 
Process  Language  (TPL)  [19]  which  extends  GGS  by  a  timeout  operator  and  a  clock  prefix  demanding 
that  exactly  one  time  unit  must  pass  before  activating  the  argument  process.  Research  papers  on  timed 
process  algebras  usually  do  not  relate  processes  with  respect  to  speed;  the  most  notable  exception  is  work  by 
Moller  and  Tofts  [29]  which  considers  a  faster-than  preorder  within  a  GGS-based  setting,  where  processes 
are  essentially  attached  with  lower  time  bounds  [28].  In  practice,  however,  often  upper  time  bounds  are 
known  to  a  system  designer,  determining  how  long  a  process  may  delay  its  execution.  These  can  be  used  to 
compare  the  worst-case  timing  behavior  of  processes.  The  assumption  of  upper  time  bounds  for  asynchronous 
processes  already  is  exploited  in  distributed  algorithms  [24]  and  was  investigated  by  the  second  author  in  the 
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setting  of  Petri  nets  [9,  22,  35,  36].  The  latter  work  adapted  DeNicola  and  Hennessy’s  notion  of  testing  [16], 
where  the  derived  must-preorder  is  interpreted  as  faster-than  relation.  Recently,  these  results  have  been 
transferred  to  a  process-algebraic  setting  [23,  37]  whose  semantics,  however,  is  still  based  on  testing. 

In  this  paper  we  develop  a  novel  (bi)  simulation-based  approach  to  compare  asynchronous  systems  with 
respect  to  their  worst-case  timing  behavior.  To  do  so,  we  extend  CCS  by  a  rather  specific  notion  of  clock 
prefixing  “o'.”,  where  a  stands  for  one  time  unit  or  a  single  clock  tick.  In  contrast  to  TPL,  we  interpret  cr.P 
as  a  process  which  may  delay  at  most  one  time  unit  before  executing  P.  Similar  to  TPL,  however,  we 
view  the  occurrence  of  actions  as  instantaneous.  This  results  in  a  new  process  algebra  extending  CCS,  to 
which  we  refer  as  Timed  Asynchronous  Communicating  Systems  (TAGS).  To  make  our  intuition  of  upper- 
bound  delays  more  precise,  consider  the  processes  a.a.O  and  a.O,  where  a  denotes  an  action  or  port  as  in 
CCS.  While  the  former  process  may  delay  an  enabled  communication  on  port  a  by  one  time  unit,  the  latter 
process  must  engage  in  the  communication.  In  this  sense,  action  a  is  non-urgent  in  a.a.O  but  urgent  in  a.O. 
However,  if  a  communication  on  port  a  is  not  enabled,  then  process  a.O  may  wait  until  some  communication 
partner  is  ready.  Technically,  we  allow  a.P  to  wait  in  any  case;  to  enforce  a  communication  resulting  in 
the  internal  action  r,  a  time  step  in  TAGS  is  preempted  by  an  urgent  r.  This  is  similar  to  timed  process 
algebras  employing  the  maximal  progress  assumption  [19,  38];  however,  in  these  algebras  and  in  contrast  to 
TAGS,  any  internal  computation  is  considered  to  be  urgent.  For  TAGS  we  introduce  a  (bi) simulation-based 
faster-than  preorder  which  exploits  the  knowledge  of  upper  time  bounds:  a  process  is  faster  than  another  if 
both  are  linked  by  a  relation  which  is  a  strong  bisimulation  for  actions  and  a  simulation  for  time  steps. 

The  main  contribution  of  this  paper  is  the  formal  underpinning  of  our  preorder  which  justifies  why  it  is 
a  good  candidate  for  a  faster-than  relation  on  processes.  There  are  at  least  two  very  appealing  alternative 
definitions  for  such  a  preorder.  First,  one  could  allow  the  slower  process  to  perform  extra  time  steps  when 
simulating  an  action  or  time  step  of  the  faster  process.  Second  and  probably  even  more  important  is  the 
question  of  how  exactly  the  faster  process  can  match  a  time  step  and  the  subsequent  behavior  of  the  slower 
one.  For  illustrating  this  issue,  consider  the  runs  aaah  and  aaah  which  might  be  exhibited  by  some  processes. 
One  can  argue  that  the  first  run  is  faster  than  the  second  one  since  action  a  occurs  earlier  in  the  run  and 
since  action  b  occurs  at  absolute  time  2  in  both  runs,  measured  from  the  start  of  each  run.  With  this 
observation  in  mind,  we  define  a  second  variant  of  our  faster-than  preorder,  where  a  time  step  of  the  slower 
process  is  either  simulated  immediately  by  the  faster  one  or  might  be  performed  later  on.  As  a  main  result, 
we  prove  that  both  variants  coincide  with  our  faster-than  preorder  that  has  a  more  elegant  and  concise 
definition.  This  justifies  our  faster-than  preorder  as  a  reference  preorder  for  relating  asynchronous  processes 
with  respect  to  their  worst-case  timing  behavior.  In  addition,  this  paper  develops  the  semantic  theory  of 
the  faster-than  preorder:  we  characterize  the  coarsest  precongruence  contained  in  our  preorder,  demonstrate 
that  TAGS  with  this  precongruence  is  a  conservative  extension  of  CCS  with  bisimulation,  and  axiomatize  our 
precongruence  for  finite  sequential  processes.  We  also  study  the  corresponding  weak  faster-than  preorder, 
which  abstracts  from  internal  computation,  and  its  semantic  theory.  To  testify  to  the  utility  of  our  novel 
framework,  we  apply  it  to  a  small  example  dealing  with  two  implementations  of  a  simple  storage  system. 

The  remainder  of  this  paper  is  organized  as  follows.  The  next  section  presents  the  process  algebra 
TAGS,  while  Sec.  3  introduces  three  variants  of  a  faster-than  preorder  and  shows  all  of  them  to  coincide. 
Sec.  4  develops  the  semantic  theory  of  our  preorder  and  its  “weak”  correspondence,  which  is  then  applied  to 
an  example  in  Sec.  5.  Finally,  Secs.  6  and  7  discuss  related  work  and  present  our  conclusions,  respectively. 
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2.  Timed  Asynchronous  Communicating  Systems.  This  section  defines  the  syntax  and  semantics 
of  our  novel  process  algebra  Timed  Asynchronous  Communicating  Systems  (TAGS)  which  conservatively 
extends  CCS  [26]  by  a  concept  of  global,  discrete  time.  This  concept  is  introduced  by  a  non-standard 
interpretation  of  clock  prefixing  “o'.”  as  mentioned  in  the  introduction.  Intuitively,  a  process  cr.P  can  at 
most  (but  must  not)  delay  one  time  unit  before  having  to  execute  process  P,  provided  that  P  can  engage  in 
a  communication  with  the  environment  or  in  some  internal  computation.  The  semantics  of  TAGS  is  based  on 
a  notion  of  transition  system  that  involves  two  kinds  of  transitions,  action  transitions  and  clock  transitions. 
Action  transitions,  like  in  CCS,  are  local  handshake  communications  in  which  two  processes  may  synchronize 
to  take  a  joint  state  change  together.  A  clock  represents  the  progress  of  time,  which  manifests  itself  in  a 
recurrent  global  synchronization  event,  the  clock  transition.  As  indicated  above,  action  and  clock  transitions 
are  not  orthogonal  concepts,  since  a  clock  transition  can  only  occur  if  the  process  under  consideration  cannot 
engage  in  an  urgent  internal  computation. 

Syntax  of  TAGS.  Let  A  be  a  countable  set  of  actions,  or  ports,  not  including  the  distinguished  unobservable, 
internal  action  r.  With  every  a  €  A  we  associate  a  complementary  action  a.  We  define  A  =df  {a  |  a  €  A} 
and  take  A  to  denote  the  set  A  U  A  U  {r}  of  all  actions.  Complementation  is  lifted  to  A  U  A  by  defining 
a  =df  a.  As  in  CCS  [26],  an  action  a  communicates  with  its  complement  a  to  produce  the  internal  action  r. 
We  let  a,b,  -  ■  ■  range  over  A  U  A  and  a,fd,...  over  A  and,  moreover,  we  represent  (potential)  clock  ticks  by 
the  symbol  a.  The  syntax  of  our  language  is  then  defined  as  follows: 

P  ::=  0  \  X  \  a.P  \  a.P  \  P  +  P  \  P\P  \  P\L  \  P[f]  \  px.P 

where  a;  is  a  variable  taken  from  a  countably  infinite  set  V  of  variables,  L  C  A  \  {r}  is  a  restriction  set, 
and  f  :  A  ^  A  is  a  finite  relabeling.  A  finite  relabeling  satisfies  the  properties  /(r)  =  r,  /(a)  =  /(a), 
and  jja  j  f{a)  ^  a}]  <  oo.  The  set  of  all  terms  is  abbreviated  by  V  and,  for  convenience,  we  define  L  =df 
{a  I  a  e  I/}.  Moreover,  we  use  the  standard  definitions  for  the  semantic  sort  sort(P)  C  A  U  A  of  some  term  P, 
free  and  bound  variables  (where  px  binds  x),  open  and  closed  terms,  and  contexts  (terms  with  a  “hole”). 
A  variable  is  called  guarded  in  a  term  if  each  occurrence  of  the  variable  is  in  the  scope  of  an  action  prefix. 
Moreover,  we  require  for  terms  of  the  form  px.P  that  x  is  guarded  in  P.  We  refer  to  closed  and  guarded 
terms  as  processes,  with  the  set  of  all  processes  written  as  V,  and  denote  syntactic  equality  by  =. 

Semantics  of  TAGS.  The  operational  semantics  of  a  TAGS  term  P  £  V  is  given  by  a  labeled  transition 
system  {V,  A  U  {a},  — )■,  P)  where  V  is  the  set  of  states,  A  U  {a}  the  alphabet,  — )■  C  P  x  A  U  {a}  x  V  the 
transition  relation,  and  P  the  start  state.  Before  we  proceed,  it  is  convenient  to  introduce  sets  U{P),  for  all 
terms  P  £  V,  which  include  the  urgent  actions,  as  discussed  in  the  introduction,  in  which  P  can  initially 
engage.  These  sets  are  inductively  defined  along  the  structure  of  P,  as  shown  in  Table  2.1.  Strictly  speaking, 
L({P)  does  not  necessarily  contain  all  urgent  actions.  For  example,  for  P  =  r.O  +  cr.a.O  we  have  L({P)  =  {r}, 
although  action  a  is  also  urgent,  because  the  clock  transition  of  P  is  preempted  according  to  our  notion  of 
maximal  progress.  However,  in  the  sequel  we  need  the  urgent  action  set  of  P  only  for  determining  whether  P 
can  initially  perform  an  urgent  r.  For  this  purpose,  our  syntactic  definition  of  urgent  action  sets  is  just  fine 
since  r  £  U{P)  if  and  only  if  r  is  urgent  in  P. 

Now,  the  operational  semantics  for  action  transitions  and  clock  transitions  can  be  defined  via  structural 
operational  rules  which  are  displayed  in  Tables  2.2  and  2.3,  respectively.  For  action  transitions,  the  rules 
are  exactly  the  same  as  for  CCS,  with  the  exception  of  our  new  clock-prefix  operator.  For  clock  transitions. 
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Table  2.1 
Urgent  action  sets 


U(Q)  =df0  U{x)  =df0  U{P\L)=AfU{P)\{LVJL) 

U{a.P)=i,{a}  U{P  +  Q)=i,U{P)VJU{Q)  U{P{f])  =df  {/(a)  |  a  G  Z^(P)} 

U{(T.P)=Af^  U{P\Q)  =AfU{P)l^U(Q)l^{T\U{P)nU{Q)i^^]  U{iix.P)  =AfU{P) 


Table  2.2 

Operational  semantics  for  TAGS  (action  transitions) 


Act 


Suml 


a.P 
P 


P 

P' 


Coml 


Rel 


P  +  Q  ^  P' 

P  )  P' 
P\Q^P'\Q 

P  ^ )  P' 

P[f]  ^  P'lf] 


Pre 


Sum2 


Com2 


Res 


P' 


<7  P  )  P' 

Q^Q' 

P  +  Q^Q' 

Q^Q' 

P\Q^P\Q' 

P  )  P' 
P\L^P'\L 


LUL 


Com3 


Rec 


P  P'  Q  -^Q' 
P\Q^P'\Q' 

P  )  P' 

jlX.P  P'ljlX.Pjx] 


our  semantics  is  set  up  such  that,  if  r  G  U{P),  then  a  clock  tick  cr  of  P  is  inhibited,  in  accordance  with 
our  adapted  variant  of  maximal  progress.  For  the  sake  of  simplicity,  let  us  write  P  P'  instead  of 
(P, 7,P')  G  — >,  for  7  e  {(t),  and  say  that  P  may  engage  in  7  and  thereafter  behave  like  P' .  Sometimes 
it  is  also  convenient  to  write  P  -PPt  for  3P'.  P  -P-^  P' . 

According  to  our  operational  rules,  the  aetion-prefix  term  a.P  may  engage  in  action  a  and  then  behave 
like  P.  If  a  ^  r,  then  it  may  also  idle,  i.e.,  engage  in  a  clock  transition  to  itself,  as  process  0  does.  The 
eloek-prefix  term  a.P  can  engage  in  a  clock  transition  to  P  and,  additionally,  it  can  perform  any  action 
transition  that  P  can  since  a  represents  a  delay  of  at  most  one  time  unit.  The  summation  operator  + 
denotes  nondeterministic  choice  such  that  P  +  Q  may  behave  like  P  or  Q.  Time  has  to  proceed  equally  on 
both  sides  of  summation,  whence  P  +  Q  can  engage  in  a  clock  transition  and  delay  the  nondeterministic 
choice  if  and  only  if  both  P  and  Q  can.  As  a  consequence,  e.g.,  process  a.a.O  +  r.O  cannot  engage  in  a  clock 
transition;  in  particular,  a  is  not  urgent,  but  nevertheless  it  has  to  occur  without  delay  if  it  occurs  at  all.  The 
restrietion  operator  \L  prohibits  the  execution  of  actions  in  L  U  P  and,  thus,  permits  the  scoping  of  actions. 
P[/]  behaves  exactly  as  P  where  actions  are  renamed  by  the  relabeling  /.  The  term  P\Q  stands  for  the 
parallel  eomposition  of  P  and  Q  according  to  an  interleaving  semantics  with  synchronized  communication 
on  complementary  actions  resulting  in  the  internal  action  r.  Again,  time  has  to  proceed  equally  on  both 
sides  of  the  operator.  The  side  condition  ensures  that  P\Q  can  only  progress  on  a,  if  it  cannot  engage  in 
any  urgent  internal  computation,  in  accordance  with  our  notion  of  maximal  progress.  Finally,  px.  P  denotes 
reeursion,  i.e.,  ptx.  P  behaves  as  a  distinguished  solution  of  the  equation  x  =  P. 

The  operational  semantics  for  TAGS  possesses  several  important  properties,  in  analogy  to  many  temporal 
process  algebras  [19,  38].  First,  it  is  time-deterministie,  i.e.,  processes  react  deterministically  to  clock  ticks, 
reflecting  the  intuition  that  progress  of  time  does  not  resolve  choices.  Formally,  P  P'  and  P  P" 
implies  P'  =  P",  for  all  P,  P',P"  G  P.  Second,  according  to  our  variant  of  maximal  progress,  a  term  P  can 
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Table  2.3 

Operational  semantics  for  TAGS  (clock  transitions) 


tNil 


tAct 


tPre 


0^0 


a.P  a.P 


a.P  P 


tSum 


tCom 


tRec 


P^P'  Q^Q' 
P  +  Q^P'  +  Q' 

P^P'  Q^Q' 
P\Q^P'\Q' 

P  ^  P' 

jlX.P  P'ljlX.Pjx] 


tRes 


r  ^  U{P\Q)  tRel 


P  ^  P' 


P\L  ^  P'\L 
P  ^  P' 

P[f]  ^  P'if] 


engage  in  a  clock  transition  exactly  if  it  cannot  engage  in  an  urgent  internal  transition.  Formally,  P  if 
and  only  if  r  ^  U{P),  for  all  P  £  V. 

We  conclude  this  section  by  two  simple  lemmas  which  will  be  used  in  the  next  sections.  The  first  one 
highlights  the  implications  of  guardedness  in  our  calculus.  As  with  the  abovementioned  properties  of  time 
determinism  and  maximal  progress,  it  can  be  proved  via  induction  on  the  structure  of  P. 

Lemma  2.1.  Let  P,  P'  ,Q  &  V ,  let  x  he  guarded  in  P,  and  let  ^  &  AU  {a}. 

1.  P  P'  implies  P[pix.Q/x]  P'lftx.Q /x], 

2.  P[iJX.Q/x]  P'[fix.Q/x]  implies  3P"  £V.  P  P"  and  P'[p,x.Q/x]  =  P"[iJtx.Q  /  x]. 

The  second  lemma  concerns  the  sort  of  a  term  P,  which  is  the  set  of  labels  of  all  transitions  reachable  in 
the  transition  system  with  start  state  P,  i.e.,  sort(P)  =df  {a  &  A  \  3P'.  P  — >*  P'  },  where  — >*  denotes 
the  reflexive  and  transitive  closure  of  — )■  (when  abstracting  from  transition  labels). 

Lemma  2.2.  The  set  sort{P)  of  any  term  P  is  finite. 

This  statement  follows  from  the  facts  that  terms  have  finite  length  and  that  relabelings  /  satisfy  the  condition 
I  {a  I  f{a)  ^  a}\  <  oo.  The  above  lemma  establishes  the  well-definedness  of  some  terms  constructed  below, 
which  include  a  generalization  of  the  summation  operator  indexed  over  actions  contained  in  sorts.  Note  that 
TAGS  just  provides  a  binary  summation  operator,  i.e.,  only  finite  summations  can  be  expressed. 

3.  Design  Choices  for  (Bi) Simulation— based  Faster— than  Relations.  In  the  following  we  define 
a  reference  faster-than  relation,  called  naive  faster-than  preorder,  which  is  inspired  by  Milner’s  notions  of 
simulation  and  bisimulation  [26] .  Our  main  objective  is  to  convince  the  reader  that  this  simple  faster-than 
preorder  with  its  concise  definition  is  not  chosen  arbitrarily.  This  is  done  by  showing  that  it  coincides  with 
two  other  preorders  which  formalize  a  notion  of  faster-than  as  well  and  which  are  possibly  more  intuitive. 
The  semantic  theory  of  our  faster-than  relation  will  then  be  developed  in  the  next  section. 

Definition  3.1  (Naive  faster-than  preorder).  A  relation  TZCV  xV  is  a  naive  faster-than  relation  if 
the  following  eonditions  hold  for  all  {P,  Q)  G  TZ  and  a  &  A. 

1.  P  P'  implies  3Q' .Q  Q'  and  {P',Q')  G  TZ. 

2.  Q  Q'  implies  3P' .  P  P'  and  {P' ,Q')  G  TZ. 

3.  P  P'  implies  3Q' .  Q  Q'  and  {P' ,  Q')  G  TZ. 

We  write  P  */  Q)  ^  TZ  for  some  naive  faster-than  relation  TZ. 
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Note  that  the  behavioral  relation  as  well  as  all  other  behavioral  relations  on  processes  defined  in  the 
sequel,  can  be  extended  to  open  terms  by  the  usual  means  of  closed  substitution  [26].  It  is  fairly  easy  to 
see  that  is  a  preorder,  i.e.,  it  is  transitive  and  reflexive;  moreover,  is  the  largest  naive  faster-than 
relation.  Technically  speaking,  the  naive  faster-than  preorder  refines  bisimulation  on  action  transitions  by 
requiring  simple  simulation  on  clock  transitions.  Intuitively,  holds  if  P  is  faster  than  (or  at  least  as 

fast  as)  Q,  and  if  both  processes  are  functionally  equivalent  (cf.  Clauses  (1)  and  (2)).  Here,  “P  is  faster 
than  Q”  means  the  following:  if  P  may  let  time  pass  and  the  environment  of  P  has  to  wait,  then  this  should 
also  be  the  case  if  one  considers  the  slower  (or  equally  fast)  process  Q  instead  (cf.  Clause  (3)).  However,  if  Q 
lets  time  pass,  then  P  is  not  required  to  match  this  behavior.  Intuitively,  we  use  bounded  delays  and  are, 
accordingly,  interested  in  worst-case  behavior.  Hence,  clock  transitions  of  the  fast  process  must  be  matched, 
but  not  those  of  the  slow  process;  behavior  after  an  unmatched  clock  transition  can  just  as  well  occur  quickly 
without  the  time  step,  whence  it  is  catered  for  in  Clause  (2).  We  come  back  to  this  issue  shortly. 

As  the  naive  faster-than  preorder  is  the  basis  of  our  approach,  it  is  very  important  that  its  definition 
is  intuitively  convincing.  There  are  two  immediate  questions  which  arise  from  our  definition  and  are  dealt 
with  separately  in  the  following  two  sections. 

3.1.  Question  I.  The  first  question  emerges  from  the  observation  that  Clauses  (1)  and  (3)  of  Def.  3.1 
require  that  an  action  or  a  time  step  of  P  must  be  matched  with  just  this  action  or  time  step  by  Q.  What  if 
we  are  less  strict?  Maybe  we  should  allow  the  slower  process  Q  to  perform  some  additional  time  steps  when 
matching  the  behavior  of  P.  This  idea  is  formalized  in  the  following  definition  of  a  variant  of  our  faster-than 

^  (j  * 

preorder,  which  we  refer  to  as  delayed  faster-than  preorder.  Here,  — >  and  — >  stand  for  the  transitive 
and  the  transitive  reflexive  closure  of  the  clock  transition  relation  respectively. 

Definition  3.2  (Delayed  faster-than  preorder).  A  relation  TZ  CV  xV  is  a  delayed  faster-than  relation 
if  the  following  eonditions  hold  for  all  {P,Q)  G  TZ  and  a  &  A. 

1.  P  ^P'  implies  3Q'.Q  Q'  and  {P',Q')  G  TZ. 

2.  Q  ^Q'  implies  3P' .  P  ^  P'  and  {P',Q')  G  TZ. 

3.  P  P'  implies  3Q' .Q  -2-^^  Q'  and  {P',Q')  G  TZ. 

We  write  P  */  {Pj  Q)  &  TZ  for  some  delayed  faster-than  relation  TZ. 

As  usual,  one  can  derive  that  is  a  preorder  and  that  it  is  the  largest  delayed  faster-than  relation.  In 
the  following  we  will  show  that  both  preorders  and  coincide.  The  proof  of  this  first  coincidence 
result  is  based  on  a  syntactic  relation  >-  on  terms,  which  is  defined  next  and  which  is  similar  to  the  progress 
preorder  used  in  [23].  The  objective  for  its  definition  is  to  provide  a  useful  technical  handle  on  the  relation 
between  clock  transitions  and  speed,  analogue  to  the  “up  to” -techniques  employed  for  reasoning  about 
bisimulation  [33].  Thus,  the  relation  >-  is  constructed  such  that  we  have  property  (*):  P  P'  implies 
P'  y  P,  for  any  P,P'  £V  (cf.  Prop.  3.7(1)). 

Definition  3.3.  The  relation  y  C  V  x  V  is  defined  as  the  smallest  relation  satisfying  the  following 
properties,  for  all  P,P',Q,Q'  G  V. 


Always: 

(1)  PyP 

(2)  Pya.P 

P'  y  P  and  Q'  y  Q  implies: 

(3)  P'\Q'yP\Q 

(4)  P'  +  Q'  yP  +  Q 

(5)  P'\LyP\L 

(6)  P'[f]  y  P[f] 

P'  y  P  and  x  is  guarded  in  P  implies: 

(7)  P'[p,x.  P/x]  y  jix.P 
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Note  that  relation  >-  is  not  transitive  and  that  it  is  not  only  defined  for  processes  but  for  arbitrary,  especially 
for  open  terms.  The  crucial  clauses  of  the  above  definition  are  Clauses  (2)  and  (7).  Since  we  want  P  P' 
to  imply  P'  >-  P,  we  clearly  must  include  Clause  (2).  Additionally,  Clause  (7)  covers  the  unwinding  of 
recursion;  for  its  motivation  consider,  e.g.,  the  transition  /ix.  a.a.a.b.x  a.a.b.iix.  a.a.a.b.x. 

To  establish  the  desired  property  (*)  of  >-,  we  need  to  state  and  prove  some  technical  lemmas.  The 
first  two  lemmas  are  concerned  with  the  preservation  of  >-  under  substitution  and  with  the  preservation  of 
substitution  by  >-,  respectively. 

Lemma  3.4.  Let  P,  P'  ,Q  £  V  such  that  P'  >-  P,  and  let  y  G  V.  Then: 

1.  y  is  guarded  in  P  if  and  only  if  y  is  guarded  in  P' . 

2.  P'[Qly]y  P[Qly]. 

Proof.  Both  statements  can  be  proved  by  induction  on  the  inference  length  of  P'  >-  P.  The  only 
interesting  case  concerns  Case  (7)  of  Def.  3.3,  where,  for  both  parts,  we  can  assume  y  ^  x,  since  x  is  neither 
free  in  P'lpix.Pfx]  nor  in  fix.P.  Now  assume  P'lpix.Pfx]  >-  jix.P  due  to  P'  >-  P. 

1.  If  there  exists  an  unguarded  occurrence  of  y  in  fix.P,  then  there  is  also  one  in  P  and,  by  induction, 
in  P' .  The  latter  occurrence  is  also  present  after  substituting  fix.P  for  x.  Otherwise,  y  is  guarded  in 
fix.P,  in  P,  and,  by  induction,  in  P' .  Hence,  every  free  occurrence  of  y  in  P'[fix.P/x]  either  stems 
from  P'  and  is  guarded  in  P' ,  or  it  is  in  a  subterm  of  fix.P,  where  it  is  guarded. 

2.  By  Barendregt’s  Assumption,  we  may  assume  that  there  is  no  free  occurrence  of  a;  in  Q  and,  by  induc¬ 
tion,  P'lQfy]  y  P[Qly].  Hence,  {P'[fix.Plx\)[Qly]  =  {P'[Qly])\pix.{P[Qly])lx\  y  fix.{P[Qly])  = 
{fix.P)[Q/y]. 

The  other  cases  are  straightforward  and,  thus,  are  omitted  here.  □ 

Lemma  3.5.  Let  P,Q,Q',R  e  V  and  x  gV  guarded  in  Q'  such  that  P  >-  Q  =  Q'[fix.R/x].  Then  there 
exists  some  P'  G  V  satisfying  P  =  P'[fix.R/x]  and  P'  >-  Q' . 

Proof.  The  proof  is  by  induction  on  the  size  of  Q' ,  including  a  case  analysis  on  the  structure  of  Q' .  The 
only  interesting  case  is  Q'  =  fiy.S  for  some  y  £V  and  S  £V,  where  we  can  assume  P  ^  Q  as  well  as  y  ^  x, 
and  that  y  is  not  free  in  R.  Now,  Q  =  fiy.{S[fix.R/x])  and  P  =  S'[fiy.S[fix.R/x]/y]  with  S'  >-  S[fix.R/x]. 
By  induction  hypothesis  we  can  write  S'  as  S"[fix.R/x]  for  some  S"  satisfying  S"  >-  S.  We  can  further 
write  P  as  S"[fiy.S/y][fix.R/x]  since  y  is  not  free  in  R.  Finally,  we  may  conclude  this  case  by  setting 
P'  =  S"[fiy.S/y].  □ 

This  second  lemma  will  become  especially  important  in  the  next  section  (cf.  Lemma  3.15).  The  following 
lemma  relates  >-  to  our  notion  of  urgent  action  sets. 

Lemma  3.6.  Let  P,Q  £  V. 

1.  If  X  is  guarded  in  P,  then  Ll(P[Q / x])  =  U{P). 

2.  IfQy  P,  then  U{Q)  D  U{P). 

Proof.  The  proof  of  Part  (1)  is  an  easy  induction  on  the  structure  of  P.  Part  (2)  follows  by  induction 
on  the  inference  length  oi  Q  >-  P.  Here,  one  needs  to  use  Part  (1)  for  Case  (7)  of  Def.  3.3;  observe  that  x  is 
guarded  in  P'  by  Lemma  3.4(1).  □ 

Now  we  have  established  the  machinery  which  we  need  to  prove  the  above  property  (*)  and,  equally  impor¬ 
tant,  to  prove  that  >-  is  a  naive  faster-than  relation. 
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Proposition  3.7. 


1.  P  P'  implies  P'  >-  P,  for  any  terms  P,P'£V. 

2.  The  relation  >-  satisfies  the  defining  elauses  of  a  naive  faster-than  relation,  also  on  open  terms; 
henee,  >-\vxV  ^ 

Proof.  The  proof  of  Part  (1)  is  a  straightforward  induction  on  the  length  of  inference  of  P  P' .  For 
proving  Part  (2)  we  show  that,  for  P'  >-  P,  the  three  clauses  in  the  definition  of  are  satisfied.  This  is 
done  by  induction  on  the  inference  length  of  P'  >-  P.  We  only  consider  the  interesting  parts  for  some  of  the 
cases  of  Def.  3.3. 

(2)  P  >-  a.P:  Our  semantics  states  that  P  P'  if  and  only  if  a.P  P' ,  for  some  P' ,  thereby 

implying  the  first  two  clauses  in  Def.  3.1.  If  P  P' ,  then  a.P  P  and  P'  >-  P  by  Part  (1). 

(3)  P'\Q'  >-  P\Q.  If  P'\Q'  Pi\Q' ,  for  some  P[,  due  to  P'  P[  (cf.  Rule  (Coml)),  then  P  Pi 
with  P[  >-  Pi  and  Q'  y  Q  hy  induction  hypothesis.  Hence,  P\Q  Pi  IQ  and  Pi'|Q'  >-  Pi|Q.  The 
other  cases  involving  Rules  (Com2)  and  (Com3)  are  similar. 

If  P'lQ'  Pi\Q'i,  for  some  P{  and  Q'l,  due  to  P'  P{  and  Q'  Q'l  (cf.  Rule  (tCom)),  then 
P  Pi  and  Q  Qi  with  P{  >-  Pi  and  Q'l  >-  Qi  by  induction  hypothesis.  Using  Lemma  3.6(2) 
we  conclude  from  P'|Q'  that  P\Q  Pi|Qi  and  PilQ)  >-  Pi|Qi. 

(7)  P'[iix.P/x]  >-  jix.P:  By  Rule  (Rec)  any  a-transition  of /ia;.P  is  of  the  form /ia;.P Pi[/ia;.P/a;],  for 
some  Pi  with  P  Pi.  Then,  by  induction  hypothesis,  P'  P(  for  some  Pi  satisfying  Pi  >-  Pi. 
Hence,  P'[p,x.P/x]  Pl[p,x.P/x]  by  Lemma  2.1(1)  since  x  is  guarded  in  P'  by  Lemma  3.4(1),  and 
we  obtain  Pl[p,x.P/x]  >-  Pilpx.P/x]  by  Lemma  3.4(2). 

On  the  other  hand,  any  a-transition  of  P'[iix.P/x]  is  of  the  form  P'[iix.P/x]  Pl[iix.P/x]  for 
some  Pi',  where  P'  P”  for  some  P"  €  V  such  that  Pl[p,x.P/x]  =  Pl'lfix.P/x]  by  Lemma  2.1(2), 
since  x  is  guarded  in  P'  by  Lemma  3.4(1).  Thus,  by  induction  hypothesis,  P  Pi  with  P”  >-  Pi, 
as  well  as  px.P  Pi[iix.P/x]  and  Pl[iix.P/x]  =  Pl'[iix.P/x]  >-  Pi\jix.P/x]  by  Lemma  3.4(2). 
The  treatment  of  clock  transitions  is  analogous. 

The  other  parts  are  easier  to  prove  and,  therefore,  are  omitted.  □ 

We  are  now  able  to  state  and  prove  our  first  main  result. 

Theorem  3.8  (Coincidence  I).  The  preorders  o,nd  eoineide. 

Proof.  Clearly,  any  naive  faster-than  relation,  including  >-\-pxV  according  to  Prop.  3.7(2),  is  a  delayed 
one.  Thus,  it  suffices  to  show  that  the  largest  delayed  faster-than  relation  77  is  a  naive  faster-than  relation. 
Hence,  consider  some  arbitrary  terms  P  and  Q  such  that  PTZQ. 

If  P  P'  for  some  process  P',  then  we  have  Q  =  Qo  Qi  Qn  and  P'  TZQn,  for  some 

n  >  1  and  some  processes  Qo,Qi,  ■  ■  ■  ,  Qn-  By  Prop.  3.7(1)  we  get  Q„  >-•••>-  Qi  >-  Q.  Since  >-|7?xp  C  77 
(see  above)  and  since  77  is  transitive,  we  conclude  P'TZQ. 

If  P  P'  for  some  process  P'  and  some  action  a,  then  we  have  Q  =  Qo  Qi  Qn-i 

Q'n-i  — t  Q'  and  P'TZQ',  for  some  n  >  1  and  some  processes  Qo,Qi,  •  •  •  ,Qn-i,Q'„-\,Q' ■  Hence,  we  may 
conclude  P'  TZQ'^_i  in  analogy  to  the  previous  case.  Since  Q„_i  >-•••>-  Qo  by  Prop.  3.7(1),  we  infer  by 
repeated  application  of  Prop.  3.7(2)  that  Q,  Q',  for  0  <  i  <  n  —  1,  such  that  Q(j_i  >-•••>-  Qq  =  Q" . 
As  above,  this  implies  P'TZQ"  and  Q  Q" . 

The  case  Q  Q',  for  some  process  P'  and  some  action  a,  is  obvious.  □ 


This  coincidence  result  justifies  our  preference  of  the  simple  and  technically  more  elegant  naive  faster-than 
preorder  over  the  probably  more  intuitive  delayed  faster-than  preorder  Nevertheless,  could 
in  practice  be  more  useful  since  there  exist  delayed  faster-than  relations  which  are  not  naive  faster-than 
relations,  such  as  the  relation  {(a.O,  .0),  (a.O,  .0),  (0, 0)},  for  i,j  €  N  with  i  >  0.  Note  that  this 

refers  to  the  relations  which  define  the  preorders,  and  not  to  the  preorders  themselves. 

3.2.  Question  II.  We  now  turn  to  a  second  question  which  might  be  raised  regarding  the  definition 
of  the  naive  faster-than  preorder  Should  one  add  a  fourth  clause  to  the  definition  of  that  permits, 
but  not  requires,  the  faster  process  P  to  match  a  clock  transition  of  the  slower  process  Q1  More  precisely, 
P  might  be  able  to  do  whatever  Q  can  do  after  a  time  step,  or  P  might  itself  have  to  perform  a  time  step 
in  order  to  match  Q.  Hence,  a  candidate  for  a  fourth  clause  is 

(4)  Q  ^Q'  implies  {P,  Q')  e  or  3P'.  P  ^  P'  and  (P',  Q')  £11. 

Unfortunately,  this  requirement  is  not  as  sensible  as  it  might  appear  at  first  sight.  Consider  the  processes 
P  =df  (T".a.O  I  a.O  I  a.O  and  Q  =df  (T".a.O  |  (T".a.O  |  a.O,  for  n  >  1.  Obviously,  we  expect  P  to  be  faster  than  Q. 
However,  Q  can  engage  in  a  clock  transition  to  Q'  =df  (T"“^.a.O  |  (T"“^.a.O  |  a.O.  According  to  Clause  (4)  and 
since  P-^,  we  would  require  P  to  be  faster  than  Q' .  This  conclusion,  however,  should  obviously  be  deemed 
wrong  according  to  our  intuition  of  “faster  than.” 

The  point  of  this  example  is  that  process  P,  which  is  in  some  components  faster  than  Q,  cannot  mimic 
a  clock  transition  of  Q  with  a  matching  clock  transition.  However,  since  P  is  equally  fast  in  the  other 
components,  it  cannot  simply  leave  out  the  time  step.  The  solution  to  this  situation  is  to  remember  within 
the  relation  IZ  how  many  clock  transitions  P  missed  out  and,  in  addition,  to  allow  P  to  perform  these  clock 
transitions  later.  Thus,  the  computation  Q  a.O  |  a.O  |  a.O  0  |  a.O  |  a.O  0  |  0  |  a.O  of  Q,  where  we 
have  no  clock  transitions  between  the  two  action  transitions  labeled  by  a,  can  be  matched  by  P  with  the 
computation  P  a". a.O  |  0  |  a.O  a.O  |  0  |  a.O  0  |  0  |  a.O.  This  matching  is  intuitively  correct,  since 
the  first  a  occurs  faster  in  the  considered  trace  of  P  than  in  the  trace  of  Q,  while  the  second  a  occurs  at  the 
same  absolute  time  measured  from  the  system  start;  only  the  time  relative  to  the  first  a  is  greater  for  P. 
Observe  that  this  example  also  testifies  to  the  need  to  remember  arbitrary  large  numbers  of  time  steps,  as 
n  >  1  is  finite  but  arbitrary.  We  formalize  the  above  ideas  in  the  following  definition. 

Definition  3.9  (Family  of  faster-than  preorders).  A  family  of  relations  inVxV,  indexed  by 

natural  numbers  (ineluding  0^,  is  a  family  of  indexed-faster-than  relations  if  the  following  eonditions  hold 
for  all  i  e  N,  (P,  Q)  £  IZi,  and  a  £  A. 

1.  P  P'  implies  3Q' .Q  Q'  and  {P',Q')  £  IZi- 

2.  Q  ^Q'  implies  3P'.P  ^  P'  and  {P',Q')  £  Hi- 

3.  P  P'  implies  (a)  3Q'.Q  Q'  and  {P',Q')  £  IZi,  or  (b)  i  >  0  and  {P',Q)  £  IZi-i- 

4-  Q  Q'  implies  (a)  3P'.P  P'  and  {P',Q')  £  IZi,  or  (b)  {P,Q')  £  IZi+i- 

We  write  P  <3  if  {P,  Q)  G  P-i  for  some  family  of  indexed-faster-than  relations  (Pj)jgN- 

Intuitively,  P  <3  means  that  process  P  is  faster  than  process  Q  provided  that  P  may  delay  up  to  i  additional 
clock  ticks  which  Q  does  not  need  to  match.  Observe  that  there  exists  a  family  of  largest  indexed-faster-than 
relations,  but  it  is  not  clear  that  these  relations  are  transitive.  We  establish,  however,  a  stronger  result  by 
showing  that  our  naive  faster-than  preorder  coincides  with  .  The  proof  of  this  result  uses  a  family  of 
purely  syntactic  relations  >-,,  for  i  €  N,  similar  to  relation  >-  in  Def.  3.3. 
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Definition  3.10.  The  relations  >-*  C  V  x  V,  for  i  €  N,  are  defined  as  the  smallest  relations  satisfying 


the  following  properties,  for  all  P,  P' ,Q,  Q',  Pi, . 

. .  ,Pn&V  and  i,  j  £  N. 

Always: 

(1)  P^iP 

Pi  >-  P2  >-■■■>-  Pn  implies: 

(2a)  Pi  >-i  aPPn 

P'  >-i  P  and  Q'  >-,  Q  implies: 

(26)  a.P'  yi+i  P 

(3)  P'\Q'yiP\Q 

(4) 

P'  3-  Q'  y,  P  3-  Q 

(5)  P'\LyiP\L 

(6) 

PV]  yi  P[f] 

P'  >-i  P  and  X  is  guarded  in  P  implies: 

(7a)  P'[p,x.P/x]  >-i  px.P 

P'  >-i  P  and  X  is  guarded  in  P'  implies: 

(76)  px.P'  yi  P[px.P' /x] 

Observe  that  Clauses  (7a)  and  (7b)  deal  with  an  unwinding  of  recursion  on  both  sides  of  >-,.  This  is  related 
to  our  aim  to  match  clock  transitions  from  both  sides  of  71,.  Similarly,  we  allow  the  addition  of  a  on 
both  sides  of  >-,  in  Clauses  (2a)  and  (2b)  and  also  in  more  general  situations  than  in  Def.  3.3.  The  next 
lemma  compares  the  relations  for  all  i  €  N,  to  the  relation  >-;  it  also  compares  the  relations  >-,  among 
themselves. 

Lemma  3.11. 

1.  >-,  C  for  all  i  e  N. 

2.  >-  C  >-o  ;  in  partieular,  P  P'  implies  P'  >-o  P,  for  any  P,P'  £  V. 

3.  P'  >-  P  (whenee,  P  P' )  implies  P  >-,  P' ,  for  all  i  >  0,  and  for  any  P,P'  €  V. 

Proof.  For  Part  (1)  consider  P  >-,  Q  and  show  P  Q  by  induction  on  the  inference  of  P  >-,  Q.  The 
proof  of  Part  (2)  is  analogous;  for  case  P  >-  a.P  recall  that  P  >-  P  and,  hence,  P  >-o  (t.P.  Also  the  proof  of 
Part  (3)  is  analogous;  for  case  P  >-  a.P  use  P  P  which  implies  a.P  >-,  P.  For  the  latter,  the  premise 
i  >  0  is  needed.  Finally,  observe  that  Clause  3.3(7)  is  matched  by  Clause  3.10(7b).  □ 

This  lemma  states  some  useful  facts  about  our  syntactic  relations.  In  particular.  Part  (3)  compares 
with  >-,,  for  i  >  0.  We  need,  however,  five  more  technical  lemmas  before  we  can  prove  our  second  coincidence 
theorem.  The  first  one  of  these  is  the  analogue  of  Lemma  3.4. 

Lemma  3.12.  Let  P,  P' ,  Q  G  V  sueh  that  P'  >-,  P,  and  let  y  £  V. 

1.  y  is  guarded  in  P  if  and  only  if  y  is  guarded  in  P' . 

2.  P'[Qly]  yiP[Qly]. 

Proof.  The  proof  is  similar  to  the  one  of  Lemma  3.4.  In  case  Pi  >-,  aPPn  (cf.  Rule  3.10(2a)),  use 
Lemma  3.4(2)  to  obtain  Pi[Q/y]  >-•••>-  Pn[Q/y]-  D 

The  second  lemma  states  that  >-o  is  reflexive  and  that  the  relations  >-,  only  relate  functionally  equivalent 
terms,  in  the  sense  of  strong  bisimulation. 

Lemma  3.13.  Let  P,Q,R  £V  sueh  that  P  >-i  Q,  and  let  a  £  A.  Then: 

1.  R  ^0 

2.  P  P'  implies  3Q'  .Q  Q'  and  P'  >-,  Q' . 

3.  Q  Q'  implies  3P' .  P  P'  and  P'  >-,  Q' . 

Proof.  While  the  proof  of  Part  (1)  is  obvious,  the  ones  for  Parts  (2)  and  (3)  are  similar  to  the  “functional” 
part  of  Prop.  3.7(2).  In  Case  (2a)  we  use  that  aPPn  Pn  if  and  only  if  P^,  if  and  only  if  Pi  P[ 
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with  P{  y  ■  ■  ■  >-  Pl^,  where  the  latter  is  inferred  by  Prop.  3.7(2).  In  Case  (2b)  we  exploit  the  property 
>~i  C  >-j+i  of  Lemma  3.11(1).  Moreover,  the  proof  for  Case  (7)  is  analogous  to  the  one  of  Prop.  3.7(2)  when 
using  Lemma  3.12  instead  of  Lemma  3.4.  □ 

The  third  lemma  builds  a  bridge  between  relation  >-o  and  urgent  action  sets. 

Lemma  3.14.  Q  >-o  P  implies  U{Q)  D  U{P),  for  any  P,Q  £V. 

Proof  The  proof  is  by  induction  on  the  inference  length  of  Q  >-o  P-  For  Clause  (2a)  use  Lemma  3.6(2) 
if  j  =  0.  Observe  that  Clause  (2b)  does  not  apply.  For  Clause  (7),  employ  Lemmas  3.6(1)  and  3.12(1).  □ 

The  fourth  lemma  just  serves  as  a  prerequisite  for  proving  the  fifth  lemma. 

Lemma  3.15.  If  Pi,  P2,  ■■■  ,Pn  ^  P  for  some  n  €  N  sueh  that  Pi  >-  P2  >-•••>-  Pn,  and  if  Pn  P' 
for  some  P'  €  V,  then  Pi  >-,  P' ,  for  all  i  >  0. 

Proof.  The  proof  is  by  induction  on  the  structure  of  P„.  We  may  assume  that  all  Pi  are  different 
and,  by  Lemma  3.11(3),  that  n  >  1.  First  observe  that  Pn  cannot  be  of  the  form  x  or  t.P.  If  Pn  is  0 
or  of  the  form  a.P,  we  have  P'  =  Pn  and  are  done  by  Clause  3.10(2a)  with  j  =  0.  If  Pn  is  cr.P,  then 
Pi  >-  ■■■  >-  Pn-i  =  P  =  P',  and  we  are  done  by  Clauses  3.10(2a)  or  (1).  The  other  cases  are  quite 
straightforward,  except  for  =  px.Q.  Here,  Pn-i  =  Q'n-i\px .Q f x]  with  Q'n-i  >-  Q]  by  Lemma  3.4(1),  x  is 
guarded  in  Q'n-i  since  it  is  guarded  in  Q.  By  repeated  application  of  Lemmas  3.5  and  3.4(1),  we  conclude 
that  each  P,,  for  1  <  i  <  n  —  1,  is  of  the  form  Q[\pix.Qlx]  and  such  that  Q)  >-  •  •  •  >-  Q'n-i-  Furthermore,  we 
have  P'  =  Q'^\pix.Qlx]  with  Q  Q'^.  Now  we  may  apply  the  induction  hypothesis  to  the  QiS  to  obtain 
Q'l  >-j  Q'n,  which  implies  Pi  =  Q'i[p,x.Qlx\  >-,  Q'n[p,x.Q Jx]  =  P'  by  Lemma  3.12(2).  □ 

Finally,  the  fifth  lemma  establishes  properties  similar  to  those  stated  in  Clauses  (3)  and  (4)  of  Def.  3.9. 

Lemma  3.16.  Let  P  yi  Q  for  some  P,Q  £V . 

1.  P  P'  implies 

•  either:  i  =  0  and  3Q' .  Q  Q'  and  P'  >-,  Q' , 

•  or:  i  >  0  and  P'  >-j_i  Q. 

2.  Q  Q'  implies  P  >-i+i  Q' . 

Proof.  Both  parts  are  proved  by  induction  on  the  inference  length  of  P  >-,  Q.  We  only  consider  the 
more  interesting  cases  here. 

•  Part  1: 

(1)  For  i  >  0,  the  time  step  P  P'  implies  P'  >-j  Q  =  P,  for  all  j,  by  Lemmas  3.11(1)  and  (2). 
(2a)  For  i  >  0,  the  time  step  Pi  Po  implies  Pq  >-  Pi  >-  •  •  •  >-  Pn',  hence,  Pq  >-j_i  aPPn-  For 
i  =  0  and  j  >  0,  the  same  argument  shows  Pq  >-*  (T^~^.Pn,  where  crPPn  -Pn-  For 

*  =  J  =  0,  by  repeated  application  of  Prop.  3.7,  Pi  Pi'  implies  Pn  Pn  for  some  Pn 
satisfying  P{  y  ■  ■  ■  y  Pl^. 

(2b)  Observe  that  a.P'  P'  and  P'  >-,  P  by  the  assumption  of  Def.  3.10(2b)  and  that  i  +  1  >  0. 
The  remaining  cases  are  straightforward  for  i  >  0.  In  case  of  Clause  (7)  we  only  have  to  consider 
transitions  of  the  form  P'lpx.Plx]  P"[iix.Plx]  (by  Lemma  2.1)  or  jjlx.P'  P"[iix.P' fx], 
where  P"  P  by  induction  hypothesis.  Then,  we  are  done  by  employing  Lemma  3.12(2)  for 
Clause  (7b).  Finally,  let  us  consider  the  case  i  =  0.  This  is  largely  analogous  using  Lemma  3.12(2) 
when  dealing  with  Clauses  (7a)  and  (7b).  For  Clause  (3),  apply  Lemma  3.14  to  deduce  that  the 
right-hand  side  can  engage  in  a  time  step. 
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•  Part  2: 

(1)  P  P'  implies  P  P'  by  Lemma  3.11(3). 

(2a)  Use  Lemma  3.15  in  case  j  =  0. 

(7)  In  case  of  Rule  (7a),  employ  similar  arguments  as  above  using  Lemma  3.12(2). 

This  completes  the  proof  of  Lemma  3.16.  □ 

Using  the  above  lemmas  we  can  now  proof  the  main  result  of  this  section. 

Theorem  3.17  (Coincidence  II).  The  preorders  o,nd  coineide. 

Proof.  Let  TZi^N  be  a  family  of  faster-than  relations.  Then,  according  to  Def.  3.9,  TZo  is  a  naive  faster- 
than  relation,  whence  ^  For  the  reverse  inclusion  consider  the  largest  naive  faster-than  relation  TZ 
and  define  a  family  of  TZi ,  for  i  £  N,  by 


RTZi  Q  if  3P.  RTZP>-iQ. 

We  check  that  these  TZi  satisfy  Def.  3.9.  Consider  RTZ  P  >-,  Q. 

1.  If  R  R' ,  then  P  P'  with  R'  TZP'  by  the  definition  of  TZ,  as  well  as  Q  Q'  with  P'  >-,  Q' 
by  Lemma  3.13(2). 

2.  The  case  Q  Q'  is  analogous  and  uses  Lemma  3.13(3). 

3.  If  R  R',  then  P  P'  with  R'TZP' .  Now,  Lemma  3.16(1)  shows  Q  Q'  with  R'  TZq  Q' ,  for 
i  =  0,  and  R'  TZi-i  Q,  otherwise. 

4.  If  Q  Q' ,  then  P  >-i+i  Q'  by  Lemma  3.16(2).  Thus,  RTZi+iQ' . 

This  finishes  the  proof,  since  Lemma  3.13(1)  implies  77.  C  TT-o  □ 

Summarizing,  we  hope  to  have  convinced  the  reader  that  our  naive  faster-than  preorder  is  a  sensible  candidate 
for  a  faster-than  preorder,  as  it  coincides  with  two  other  candidates  which  seem  to  be  at  least  equally 
appealing  but  are  technically  not  as  simple. 

4.  Semantic  Theory  of  our  Faster-than  Relation.  This  section  focuses  (i)  on  developing  a  fully- 
abstract  precongruence  based  on  our  naive  faster-than  preorder,  (ii)  on  establishing  its  semantic  theory,  and 
(iii)  on  introducing  a  corresponding  “weak”  variant  which  abstracts  from  internal,  unobservable  actions. 

4.1.  A  Fully— abstract  Faster-than  Relation.  A  shortcoming  of  the  naive  faster-than  preorder 
as  introduced  above,  is  that  it  is  not  compositional.  As  an  example,  consider  the  processes  P  =df  cr.a.O 
and  Q  =df  a.O,  for  which  Pfi^Q  holds  according  to  Def.  3.1.  Intuitively,  however,  this  should  not  be  the 
case,  as  we  expect  P  =  a.Q  to  be  strictly  slower  than  Q.  Technically,  if  we  compose  P  and  Q  in  parallel 
with  process  R  =df  a.O,  then  P\R  a.O|a.O,  but  Q\R-^,  since  any  clock  transition  of  Q\R  is  preempted 
due  to  r  e  U{Q\R).  Hence,  P\R  ^^Q\R,  i.e.,  is  not  a  precongruence. 

The  reason  for  P  and  Q  being  equally  fast  according  to  lies  in  our  SOS-rules:  we  allow  Q  to  delay 
arbitrarily,  since  this  might  be  necessary  in  a  context  where  no  communication  on  a  is  possible;  thus,  an 
additional  potential  delay  as  in  P  makes  no  difference;  in  fact,  P  and  Q  have  exactly  the  same  transitions. 
As  R  shows,  we  have  to  take  a  refined  view  once  we  fix  a  context,  and  the  example  indicates  that,  in  order 
to  find  the  largest  precongruence  contained  in  5^,  we  have  to  take  the  urgent  action  sets  of  processes  into 
account.  The  preorder  5,  which  repairs  the  precongruence  defect  of  is  defined  as  follows.  According 
to  3  we  generally  have  that  P  is  strictly  faster  than  a.P,  which  is  to  be  expected  intuitively. 
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Definition  4.1  (Strong  faster-than  precongruence).  A  relation  TZ  C  V  x  V  is  a  strong  faster-than 
relation  if  the  following  eonditions  hold  for  all  {P,  Q)  G  TZ  and  a  &  A. 

1.  P  P'  implies  3Q' .Q  Q'  and  {P',Q')  G  TZ. 

2.  Q  ^Q'  implies  3P' .  P  ^  P'  and  {P',Q')  G  TZ. 

3.  P  ^  P'  implies  U{Q)  C  U{P)  and  3Q' .Q  Q'  and  {P',Q')  G  TZ. 

We  write  PflQ  if  {P,  Q)  G  TZ  for  some  strong  faster-than  relation  TZ. 

Again,  it  is  easy  to  see  that  3  is  a  preorder,  that  it  is  contained  in  5^,  and  that  3  is  the  largest  strong  faster- 
than  relation.  Note  that  >-,  when  restricted  to  processes,  is  not  only  a  naive,  but  also  a  strong  faster-than 
relation  according  to  Lemma  3.6(2)  and  Prop.  3.7(2).  As  desired,  we  obtain  the  following  full-abstraction 
result. 

Theorem  4.2  (Full  abstraction).  The  preorder  3  is  the  largest  precongruence  eontained  in 

Proof.  We  first  need  to  establish  that  3  is  a  precongruence.  This  can  be  done  in  the  usual  fashion  [26]. 
Indeed,  when  comparing  our  technical  framework  to  the  bisimulation  approach  for  the  timed  process  algebra 
CSA  developed  in  [11],  which  in  turn  extends  CCS,  then  most  cases  of  the  compositionality  proof  can  be 
easily  adapted.  One  exception  is  our  clock-prefix  operator  in  TAGS,  for  which  we  need  to  show  that  P  AQ 
implies  a.Pf^a.Q.  This  is  obvious,  however,  since  the  initial  clock  transition  of  a.P  can  be  matched  by  the 
initial  clock  transition  of  a.Q  and  since  all  action  transitions  of  a.P  and  a.Q  are  those  of  P  and  Q  according 
to  Rule  (Pre).  In  addition,  we  present  the  compositionality  proof  for  parallel  composition,  as  it  involves  the 
rather  unusual  side  condition  regarding  urgent  action  sets.  By  the  definition  of  3,  it  suffices  to  prove  that 
=df  {{P\R,Q\R)  \  P  R  &  V}  is  &  strong  faster-than  relation.  Therefore,  let  {P\R,Q\R)  G  TZ. 

•  Aetion  transitions:  The  cases  P\R  S  and  Q\R  S,  for  some  a  £  A  and  S  £V,  follows  along 
the  lines  of  the  corresponding  cases  in  CCS  [26]  and,  therefore,  are  omitted  here. 

•  Cloek  transitions:  Let  P\R  S  for  some  S  £  V.  According  to  the  only  applicable  Rule  (tCom) 

we  know  that  (i)  P  P'  for  some  P'  £  V,  (ii)  R  R'  for  some  R'  £V,  (hi)  1({P)  fl  ll{R)  =  0 
as  well  as  r  ^  ^(-P)  and  r  ^  IT{R),  and  (iv)  S  =  P'\R'.  Since  PfiQ,  there  exists  a  process  Q' 
such  that  ll(Q)  C  U{P),  Q  Q',  and  P' flQ' .  Therefore,  we  may  conclude  Q\R  Q'\R'  by 

Rule  (tCom)  since  U{Q)  C  U{R)  =  0,  and  U{Q\R)  =  U{Q)  U  U{R)  C  U{P)  U  U{R)  =  U{P\R),  by 
the  definition  of  urgent  action  sets  and  the  fact  that  r  ^  IT{P),  r  ^  U{Q),  and  r  ^  U{R).  Moreover, 
(P'ji?',  Q'\R')  £  TZ  holds  by  the  definition  of  TZ,  which  finishes  the  proof. 

The  proof  of  the  compositionality  of  recursion  requires  one  to  introduce  a  notion  of  strong  faster-than  up  to. 
This  definition  and  the  compositionality  proof  itself  is  very  similar  to  the  one  in  CCS  with  respect  to  strong 
bisimulation  [26]. 

We  are  left  with  establishing  that  3  is  the  largest  precongruence  contained  in  •  The  proof  is  a  slight 
adaptation  of  one  for  CSA  in  [11].  As  it  is  non-standard,  it  is  worth  presenting  it  in  full  here.  From  universal 
algebra,  it  is  known  that  the  largest  precongruence  contained  in  the  preorder  exists,  and  that  P  Q 
if  and  only  if  V  TAGS  contexts  C[x].  C[P]  C[Q],  where  a  TAGS  context  C[x]  is  a  TAGS  term  with  one 
free  occurrence  of  the  variable  x  and  no  free  occurrences  of  other  variables.  Recall  that,  for  any  context  C[x], 
term  C[P]  is  obtained  by  substituting  P  for  x  in  C[x]  without  any  a-conversion,  i.e.,  free  variables  in  P 
might  be  captured.  As  3  is  a  precongruence  contained  in  5^,  we  have  3  C  and  it  remains  to  show 
that  P’2. <3,  for  some  processes  P,Q  £V,  whenever  C[P]  A^C[Q],  for  all  TAGS  contexts  C[x].  For  this  it 
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suffices  to  consider  the  preorder  =df  {{P,  Q)  \  Cpq[P]  2,^^  Cpq[Q]}.  Here,  Cpq[x]  =df  x  \  Hpq  and 

HpQ  =df  MX.(e.O  +  Ur  .{Dp  +dL-x)  I  L  C  sort(P)  U  sort((3)}) , 

where  Dp  is  defined  as  J2deL^-^-  Note  that  Hpq  is  well-defined  according  to  Lemma  2.2.  The  actions  e 
and  dp  and  their  complements  are  supposed  to  be  “fresh”  actions.  In  this  section  we  do  not  exploit  the 
presence  of  the  distinguished  action  e,  but  we  do  so  when  re-using  the  above  context  in  the  proof  of  Thm.  4. 15. 
To  finish  off  our  proof  of  Thm.  4.2,  it  is  sufficient  to  establish  the  inclusion  C  5,  since  the  inclusion 
C  2a  obviously  holds. 

We  show  that  is  a  strong  faster-than  relation  according  to  Def.  4.1.  Let  P,  Q  £V  such  that  f*  <3, 
i.e.,  we  have  Cpq[P]  Cpq[Q]  by  the  definition  of  In  the  following  we  consider  two  cases  distinguishing 
whether  process  P  performs  an  action  transition  or  a  clock  transition.  In  each  case  the  transition  of  P  leads 
to  a  transition  of  Cpq[P].  According  to  the  definition  of  matching  transitions  must  exist  which  mimic 
each  step.  From  the  existence  of  these  transitions  we  may  conclude  additional  conditions  which  are  sufficient 
to  establish  as  a  strong  faster-than  relation. 

•  Situation  1:  Let  P  P'  for  some  process  P'  and  some  action  a.  According  to  our  operational 
semantics  we  have  Cpq[P]  =  P\Hpq  P'\Hpq  =  Cpq[P'].  This  transition  can  only  be  matched 
by  a  corresponding  transition  of  Q,  say  Q  Q'  for  some  Q' .  This  is  even  true  in  case  a  =  t, 
because  the  r-successors  of  Hpq  have  the  distinguished  actions  dp  enabled.  Therefore,  we  have 
CpqIQ]  =  Q\HpQ  Q'\HpQ  =  CpqIQ']  and  Cpq[P']  2^Cpq[Q'].  Because  sort(P')  C  sort(P) 
and  sort((3')  C  sort((3),  one  can  check  that  also  Cp'Q'[P']  CpiQi[Q']  holds  by  construction  of  our 
contexts  C[x]  (cf.  a  similar  situation  discussed  in  [30]).  Thus,  P'2aQ' ■  ^  transition  Q  Q'  can 
be  matched  analogously. 

•  Situation  2:  Let  P  P'  for  some  term  P' .  As  illustrated  in  Fig.  4.1  we  let  Cpq[P]  perform  a 
r-transition  to  P\Hp,  where  Hp  =df  Dp  +  dp. Hpq  and  L  =df  {c|  c  €  (sort(P)  U  sort((3))  \  L({P)}. 
Then,  P\Hp  can  perform  a  clock  transition  to  P'\Hp  according  to  Rule  (tCom).  Finally,  we  let  P'\Hp 
engage  in  the  di-transition  to  P'\Hpq. 

Cpq[Q]  has  to  match  the  first  step  by  a  r-transition  to  Q\Hp,  since  only  this  term  has  the  distin¬ 
guished  action  dp  enabled. 

Now  we  take  a  closer  look  at  the  second  step.  We  have  to  match  a  clock  transition.  Therefore,  Q 
has  to  perform  a  clock  transition  to  some  Q' ,  and  Hp  has  to  idle,  i.e.,  Q\Hp  Q'\Hp.  According 
to  Rule  (tCom),  the  condition  L({Q)  fl  U{Hp)  =  0  has  to  be  satisfied.  Because  of  the  choice  of  L, 
this  implies  U{Q)  C  U{P). 

Finally,  the  last  step  can  only  be  matched  by  the  transition  Q'\Hp  Q'\Hpq.  Thus,  Cpq[P']  = 
P'\HpQ  Q'\HpQ  =  CpqIQ']. 

Since  sort(P')  C  sort(P)  as  well  as  sort((3')  C  sort((3),  it  follows  in  analogy  to  Situation  (1)  that 
Cp'Q'[P'\  ^^Cp,Q,[Q'l\.e.,P'2aQ'- 

Thus,  2a  is  a  strong  faster-than  relation,  i.e.,  3^  C  2.  according  to  Def.  4.1.  Hence,  ^  C  ^  which, 
together  with  the  inclusion  3  C  obtained  earlier  yields  3  =  5^  ,  as  desired.  □ 

We  conclude  this  section  by  showing  that  TAGS  is  a  conservative  extension  of  CCS  [26].  As  noted  earlier, 
we  can  interpret  any  process  not  containing  a  (T-prefix  as  CCS  process,  since  then  all  relevant  semantic  rules 
for  action  transitions  are  the  same  as  the  ones  for  CCS.  Moreover,  for  all  TAGS  terms,  we  can  adopt  the 
equivalence  strong  bisimulation  [26],  in  signs  ~,  which  is  defined  just  as  3  when  omitting  the  third  clause  of 
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P\  Hpq  QI  Hpq 

T  T 

P\{DL  +  dL.HpQ)  QliDp+dp.HpQ) 

<7  <7 

P'\{DL  +  dL.HpQ)  Q'\{DL+dL.HpQ) 

dp  dp 

P'\  Hpq  Q'\  Hpq 

Fig.  4.1.  Largest  precongruence  proof:  Illustration  of  Situation  2 

Def.  4.1.  Furthermore,  we  denote  the  term  obtained  from  some  term  P  £  V  when  deleting  all  cr’s  by  strip{P). 
We  may  now  state  the  following  conservativity  results. 

Theorem  4.3  (Conservativity).  Let  P,  Q  £V. 

1.  Always  P  implies  P  ^  Q. 

2.  If  P  and  Q  do  not  eontain  any  a -prefixes,  then  P  flQ  if  and  only  if  Qf^P  if  and  only  if  P  ^  Q. 

3.  Always  P  ~  strip{P);  furthermore,  P  P'  implies  P  ^  P' . 

Proof.  The  first  part  is  an  immediate  consequence  of  the  definitions  of  ~  and  3  •  The  second  part 
follows  by  the  fact  that  terms  without  tr-prefixes  (i)  can  only  make  a  clock  transition  to  themselves,  namely 
if  and  only  if  no  internal  transition  is  enabled,  and  (ii)  possess  the  same  urgent  actions  whenever  they  are 
related  by  3  or  ~,  since  any  action  they  can  perform  is  urgent.  For  the  first  claim  of  the  third  part, 
one  shows  by  structural  induction  on  terms  P  £  V  that  the  action  transitions  of  strip{P)  are  exactly  all 
transitions  strip{P)  strip{P')  where  P  P' .  For  the  second  claim  of  the  third  part,  one  first  proves 
that  P  p'  implies  that  strip{P)  and  strip{P')  are  identical  up  to  unfolding  of  recursion.  Then,  one 
applies  the  first  claim  to  finish  the  proof.  □ 

This  result  shows  that  our  strong  faster-than  preorder  refines  the  well-established  notion  of  strong  bisimu¬ 
lation.  Moreover,  if  no  bounded  delays  occur  in  some  processes,  then  these  processes  run  in  zero-time,  and 
our  strong  faster-than  preorder  coincides  with  strong  bisimulation.  In  other  words,  the  strong  faster-than 
preorder  is  thus  restricted  to  consider  the  “functional”  behavior  of  such  processes  only,  irrespective  of  their 
relative  speeds.  That  the  bounded  delays  in  TAGS  processes  do  not  influence  any  “functional”  behavior,  is 
demonstrated  in  the  third  part  of  the  above  result. 
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Table  4.1 

Axiomatization  for  finite  sequential  proeesses 


(Al) 

t  +  u 

=  u  +  t 

(Dl) 

0[/]  = 

=  0 

(A2) 

t+  (u  +  v) 

=  {t  +  u)+v 

(D2) 

{a.f)[f]  = 

=  /(«)•(*[/]) 

(A3) 

t  t 

=  t 

(D3) 

= 

=  cr- (*[/]) 

(A4) 

t  T  0 

=  t 

(D4) 

{t  +  u)[f]  = 

=  t[f]+u[f] 

(PI) 

a.t  +  T.u 

=  t  +  T.u 

(Cl) 

0\L  = 

=  0 

(P2) 

a.t  +  a.a.u 

=  a.t  +  a.u 

(C2) 

(a.t)  \  L  = 

=  0 

a  e  LUL 

(P3) 

t  +  a.t 

=  t 

(C3) 

(a.t)  \  L  = 

=  a.{t\  L) 

a  ^  LUL 

(P4) 

a.{t  +  u) 

=  a.t  +  a.u 

(C4) 

(a.t)  \  L  = 

=  a.{t\L) 

(P5) 

t 

□  a.t 

(C5) 

{t  +  u)\L  = 

=  i't\L)  +  {u 

\L) 

The  above  embedding  of  CCS  gives  the  technical  conservation  result  in  Thm.  4.3(2),  but  this  might 
intuitively  not  be  very  pleasing:  one  might  expect  that  the  parallel  execution  of  actions  is  faster  than  their 
arbitrary  sequential  execution,  but  the  result  shows  that  processes  a.Ojfe.O  and  a. 6.0  +  b.a.O  are  equally 
fast  with  respect  to  3  •  Intuitively,  for  things  happening  with  no  time  between  them,  it  is  difficult  to 
see  whether  they  happened  one  after  the  other  or  together.  Of  course,  the  zero-time  between  a  and  b 
is  just  a  mathematical  abstraction,  but  a  useful  one;  it  stands  for  a  very  short,  negligible  time.  As  an 
alternative,  one  could  follow  the  approach  of  [23]  and  assume  that  actions  might  take  some  time,  and  for 
a  uniform  embedding  of  CCS  one  can  give  each  action  a  bounded  delay  of  one.  Technically,  this  means  to 
embed  ordinary  CCS-terms  into  TAGS  by  inserting  a  cr-prefix  before  each  action.  Thm.  4.3(2)  shows  that 
this  translation  does  not  change  any  “functional”  behavior.  With  this  embedding,  however,  the  classical 
expansion  law  “a.O  |  6.0  =  a. 6.0  +  6.a.0”  is  not  preserved  due  to  timing:  a.a.O  \  a.b.O  is  strictly  faster  than 
a.a.a.b.Q  +  a.b.a.a.Q]  consider  the  matching  of  a  clock  transition. 

4.2.  Axiomatization.  In  this  section  we  provide  a  sound  and  complete  axiomatization  of  our  strong 
faster-than  precongruence  3  for  the  class  of  finite  sequential  processes.  According  to  standard  terminology, 
a  process  is  called  finite  sequential  if  it  does  neither  contain  any  recursion  operator  nor  any  parallel  operator. 
Although  this  class  seems  to  be  rather  restrictive  at  first  sight,  it  is  simple  and  rich  enough  to  demonstrate,  by 
studying  axioms,  how  exactly  our  semantic  theory  for  ^  in  TAGS  differs  from  the  one  for  strong  bisimulation 
in  CCS  [26].  We  refer  the  reader  to  the  end  of  this  section  for  a  discussion  on  the  implications  when 
considering  to  axiomatize  larger  classes  of  processes.  As  a  notational  convention  we  write  for  the  set  of 
all  finite  sequential  processes,  ranged  over  by  s,  t,  and  u. 

Now,  we  turn  to  the  axioms  for  strong  faster-than  precongruence  which  are  displayed  in  Table  4.1,  where 
any  axiom  of  the  form  t  =  u  should  be  read  as  two  axioms  t  □  u  and  u  □  t.  We  write  \-  t  ^  u  ii  t  ^  u 
can  be  derived  from  the  axioms.  Axioms  (A1)-(A4),  (D1)-(D4),  and  (C1)-(C5)  are  exactly  the  ones  for 
strong  bisimulation  in  CCS  [26].  Hence,  the  semantic  theory  of  our  calculus  is  distinguished  from  the  one 
for  strong  bisimulation  by  the  additional  Axioms  (P1)-(P5).  Intuitively,  Axiom  (PI)  reflects  our  notion  of 
maximal  progress  or  urgency,  namely  that  a  process,  which  can  engage  in  an  internal  urgent  action,  cannot 
delay.  Axiom  (P2)  states  that,  if  an  action  occurs  “urgent”  and  “non-urgent”  in  a  term,  then  it  is  indeed 


16 


urgent,  i.e.,  the  non-urgent  occurrence  of  the  action  may  be  transformed  into  an  urgent  one.  Axiom  (P3)  is 
similar  in  spirit,  but  cannot  be  derived  from  Axiom  (P2)  and  the  other  axioms.  Axiom  (P4)  is  a  standard 
axiom  in  timed  process  algebras  and  testifies  to  the  fact  that  time  is  a  deterministic  concept  which  does  not 
resolve  choices.  Finally,  Axiom  (P5)  encodes  our  elementary  intuition  of  cr-prefixes  and  speed  within  TAGS, 
namely  that  any  process  t  is  faster  than  process  a.t  which  might  delay  the  execution  of  t  by  one  clock  tick. 

The  correctness  of  our  axioms  with  respect  to  3  can  be  established  as  usual  [26].  However,  it  is  worth 
noting  that  all  axioms  are  sound  for  arbitrary  TAGS  processes,  not  only  for  finite  sequential  ones.  To  prove 
the  completeness  of  our  axiomatization  for  finite  sequential  processes,  we  introduce  a  notion  of  normal  form 
which  is  based  on  the  following  definition.  A  finite  sequential  process  t  is  called  in  summation  form  if  it  is 
of  the  shape 


t  =  [+  a.ta  ] 

iei 

where  (i)  I  denotes  a  finite  index  set,  (ii)  all  the  are  in  summation  form,  (iii)  the  subterm  in  brackets  is 
optional  and,  if  it  exists,  is  in  summation  form,  and  (iv)  a,  €  A,  for  all  i  £  I.  Moreover,  is  the  indexed 
version  of  +;  we  adopt  the  convention  that  the  sum  over  the  empty  index  set  is  identified  with  process  0. 
As  expected,  we  obtain  the  following  result. 

Proposition  4.4.  For  any  t  £  there  exists  some  u  £  in  summation  form  sueh  that  \-  t  =  u. 

Proof.  The  proof  proceeds  by  induction  on  the  size  of  process  t,  i.e.,  the  number  of  operators  contained 
in  t.  Please  observe,  for  the  induction  base,  that  process  0  is  trivially  in  summation  form.  For  the  induction 
step,  using  Axioms  (C1)-(C5)  and  Axioms  (D1)-(D4),  one  can  eliminate  restrictions  and  relabelings  as 
usual  [26].  Consequently,  t  is  transformed  into  a  process  which  is  just  a  sum  of  prefixed  terms.  In  case  of 
several  cr-prefixed  terms,  these  can  be  merged  into  one  by  (repeatedly)  applying  Axiom  (P4)  and  possibly 
Axioms  (Al)  and  (A2).  Then,  the  processes  trailing  the  prefixes  can  be  brought  into  summation  form 
according  to  the  induction  hypothesis.  The  proof  details  are  quite  straightforward  and,  thus,  are  omitted  in 
this  report.  □ 

In  the  remainder,  the  following  definition  of  the  set  of  initial  actions,  in  which  some  process  t  in  summation 
form  can  engage  in,  will  prove  useful:  T{t)  =^fU{t)  [U  T{ta)  ].  It  is  easy  to  establish  that  T{t)  is  compatible 
with  our  operational  semantics,  i.e.,  the  equality  I{t)  =  {a  £  A\t  }  holds. 

Definition  4.5  (Normal  form).  The  proeess  "^i^jCti-ti  [+  a.ta  ]  in  summation  form  is  in  normal 
form  if  all  terms  ti,  for  i  £  I,  are  in  normal  form  and,  in  ease  the  optional  term  in  braekets  is  present,  the 
following  eonditions  are  satisfied:  (i)  t^  ^  0;  (ii)  Vi  £  I.  ai  ^  r;  (iii)  Vi  £  I.  ai  ^  ^(ta)i  and  (iv)  term  t^  is 
in  normal  form. 

Before  we  state  the  key  proposition  that  every  finite  sequential  process  can  be  transformed  into  normal  form, 
we  note  that  Conds.  (ii)  and  (iii)  exactly  correspond  to  our  abovementioned  intuitions  regarding  Axioms  (PI) 
and  (P2),  respectively. 

Proposition  4.6.  For  any  t  £  V^f^q,  there  exists  some  u  £  V^f^q  in  normal  form  sueh  that  \-  t  =  u  and 
U{t)  ^U{u). 

Note  that,  as  one  can  check  in  the  following  proof,  the  set  of  urgent  actions  might  increase  when  transforming 
a  process  into  normal  form  due  to  the  application  of  Axiom  (PI),  whereas  the  set  of  initial  actions  cannot 
change.  This  former  inclusion  is  exploited  in  the  completeness  proof  of  our  axiomatization. 
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Proof.  According  to  Prop.  4.4  we  may  assume  t  to  be  in  summation  form.  Now,  the  proof  is  by  induction 
on  the  size  of  process  t  =  ]•  In  the  following,  we  only  comment  on  the  more  interesting 

proof  steps  and  do  not  explicitly  mention  applications  of  Axioms  (Al)  and  (A2).  Especially,  the  statement  of 
the  proposition  is  trivially  true  for  the  induction  base  t  =  0.  Moreover,  if  the  optional  summand  cr.tfj  does  not 
exist,  then  one  just  needs  to  apply  the  induction  hypothesis  to  normalize  all  t,,  for  i  £  I,  and  the  proof  is  done. 
Hence,  we  may  assume  that  the  summand  cr.tfj  is  present.  If  Cond.  (ii)  is  violated,  i.e.,  if  a,  =  r  for  some  i  £  I, 
then  \-  t  =  t'  =df  ai-ti+ta  by  Axiom  (PI).  Observe  that  t'  is  in  summation  form,  has  smaller  size  than  t, 
and  satisfies  L({t)  CL({t').  One  can  now  finish  off  this  case  by  applying  the  induction  hypothesis.  Thus,  we 
may  assume  that  Cond.  (ii)  holds  and  turn  our  attention  to  establishing  Cond.  (hi).  We  first  (repeatedly)  use 
Axioms  (A3)  and  (P2)  and  then  Axiom  (P4)  to  infer  h  ai.ti  +  a.tu  =  XliG/  +  = 

J2iei  +  ^ct)-  We  can  now  apply  the  induction  hypothesis  to  process  Yliei  and 

obtain  a  term  t”  in  normal  form  satisfying  h  =  t”  and  ai.ti  + 1^)  C  U{t").  From 

this  inclusion,  it  is  easy  to  see  that  term  t”  can  be  written  as  [+  cr.t”  ],  for 

some  index  sets  K  and  J,  such  that  {a,  \  i  £  1}  =  {jk  \  k  £  K}  and  {jk  \  k  £  K}  n  {/3j  \j  €  J}  =  0.  This 
implies  (*)  a,  ^  Pj-tj  [  +  o'T"]).  By  applying  the  above  transformation  backwards,  i.e.,  by  employing 

Axioms  (P2)  and  (P4),  we  infer  \-  t  =  Y^iei  +  T^keK  t  +  ])•  latter  term 

satisfies  Cond.  (hi)  due  to  property  (*)  and  still  satisfies  Cond.  (ii),  too.  By  induction  we  can  normalize  the 
processes  t,,  for  i  £  I,  while  Y^jeJ  Pp^'j  I"*"  ]  and  the  Pf.  are  in  normal  form  since  t”  is.  Finally,  in  case 

'^j^jPj-Pj  [+  ]  =  0,  we  can  eliminate  the  subterm  cr-i'^j^jPj-tj  [+  ])  since  1-0  =  0  +  cr.O  =  cr.O 

by  Axioms  (P3)  and  (A4).  This  establishes  Cond.  (i),  and  we  are  done.  □ 

Before  we  can  proceed  to  our  completeness  theorem,  we  need  to  state  a  technical  lemma. 

Lemma  4.7.  Let  t  =  '^i^iOa-ti  [+  o'-fo-  ]  and  u  =  YljeJ  Pp'^i  [“*“  processes  in  normal  form 

such  that  t^u.  Moreover,  let  B  C  {fdj  |  j  £  J}. 

{/^i  I  i  &  J}  ^  {ai\i  £  /}. 

cfiGB} ~  TlyeJ \i3jeB}  Pp'^P 

3.  Always  a.U]^  E{iG  J  |  ft+s} • 

Proof. 

•  Part  (1):  If  a,  =  r  for  some  i  £  I,  then  the  summand  a.tfj  does  not  exist  and  the  claim  follows  from 
Def.  4.1(2).  Otherwise,  t  can  engage  in  a  cr-transition,  whence  the  claim  coincides  with  L({u)  C  L({t) 
which  follows  from  Def.  4.1(3). 

We  are  proving  the  other  two  statements  separately  and  proceed  along  the  case  distinction  explicit  in  the 
definition  of  3- 

•  Part  (2):  If  the  right-hand  side  can  engage  in  an  action  transition,  say  E{jGJ|ft  GB}  Pp'^t 

then  u  Uj!  and  t  by  the  definition  of  3-  Since  B  C  {a,  |  i  €  /}  by  (1),  we  have  Pji  =  a,/,  for 
some  i'  £  I,  such  that  t^Pf^  by  Cond.  (hi)  of  normal  forms.  Hence,  E{jG/|aiGB} 
ti'  3  Uj! .  The  case  where  the  left-hand  side  engages  in  an  action  transition  is  analogous.  Moreover, 
it  is  easy  to  see  that  both  sides  have  the  same  sets  of  urgent  actions  and,  if  r  is  not  among  these 
actions,  then  both  terms  can  idle  on  a. 

•  Part  (3):  The  proof  of  this  part  is  by  induction  on  the  size  of  process  u.  Since  the  induction  base, 
i.e.,  u  =  0,  is  trivial,  we  only  focus  on  the  induction  step. 
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If  the  left-hand  side  '12{iei  \  ai^B}  I"*"  ]  can  engage  in  an  a,/ -transition  to  ti' ,  for  some 

ai'  ^  B,  then  so  can  t.  Since  a,'  ^  B,  the  matching  a,' -transition  of  u,  according  to  the  definition 
of  3,  also  exists  for  the  right-hand  side  X]{jG,7 1  t"*"  ]•  ^  /3j' -transition  of  the 

right-hand  side,  for  j'  €  {j  G  J  |  Pj  ^  B},  can  be  treated  analogously. 

If  the  left-hand  side  can  engage  in  an  a-transition  to  some  term  due  to  cr.tfj  for  some 

a  &  A,  then  t  and  a  ^  B  by  (1)  and  Cond.  (iii)  of  normal  forms.  Hence,  the  right-hand  side 

can  match  this  transition  in  the  same  way  as  u  does  according  to  the  definition  of  3-  A  /3-transition 
of  the  right-hand  side,  due  to  a.u^  u'^  for  some  action  /3  and  some  term  u'^,  can  be  dealt  with 
in  an  analogous  fashion. 

It  remains  to  consider  the  case  J2{iei\ai^B}  [+  J2{iei\ai^B}  [+  ta  ]■  If  r  G  B, 

then  none  of  the  optional  summands  exists,  and  cti-ti  and  J2{jeJ\p-(B}  can  idle 

just  as  t  and  u  can.  If  r  ^  5,  then  t  'Hiei  [+  ]  and,  according  to  the  definition  of  3 

and  our  operational  rules:  (a)  u  ],  whence  |  [+ 

[+  ];  (b)  Q  ^it)  which  implies  [+(^-Ua])  = 

lA{u)  \B  C  lA{t)  \B  =  ff(E{jG/  I  ai^B}  ])i  (c)  ^i£l  f  ct  ]  3  ^j£j  Pj  ■'^j  [  +  ]  • 

Since  the  processes  in  (c)  are  again  in  normal  form,  one  can  apply  the  induction  hypothesis  to  obtain 
E{*G/|ai^B}  [+  iff  ]3  E{iGJ|ft-^B}  [+  ]’  desired.  Note  that  the  urgent  actions 

of  ta  and  Ua  cannot  be  in  B. 

This  completes  the  proof  of  Lemma  4.7.  □ 

The  next  lemma  essentially  states  the  desired  completeness  result  for  specific  finite  sequential  processes, 
namely  those  whose  corresponding  normal  forms  do  not  contain  the  optional  cr-summand. 

Lemma  4.8.  Let  t  =  Ejg/ and  u  =  Pj.Uj  be  in  normal  form  such  that  t^u.  Then,\-t^u. 

Proof.  The  proof  is  done  by  induction  on  the  sum  of  the  process  sizes  of  t  and  u.  For  the  induction  base 
we  have  t  =  u  =  0;  hence,  h  0  □  0  trivially  holds.  In  the  induction  step  we  reason  as  follows.  According  to 
the  definition  of  3,  there  exists  for  each  i'  £  I  some  j'  G  J  such  that  a,/  =  Pji  and  ti'Auj’.  By  induction 
hypothesis  we  may  conclude  h  ti'  □  Uji ,  whence  h  a,/  .t +  YljeJ  '^jeJ  “  '^jeJ 

by  Axiom  (A3)  and  possibly  Axioms  (Al)  and  (A2).  By  repeating  this  reasoning  for  each  i  £  I,  we  obtain 
^  Ejg/  '^jeJ  =  t  +  u  □  u  =  YljeJ  Analogously,  we  can  infer  h  t  □  t  +  u.  Hence,  h  t  □  u 

by  transitivity.  □ 

Finally,  we  are  able  to  state  and  prove  the  main  result  of  this  section. 

Theorem  4.9  (Correctness  &  completeness).  For  finite  sequential  processes  t  and  u  we  have:  h  t  □  u 
if  and  only  if  t  flu. 

Proof.  The  correctness  “  ”  of  our  axiom  system  follows  by  induction  on  the  length  of  the  inference 

h  t  □  u,  as  usual;  we  leave  it  as  an  exercise  to  the  reader  to  show  that  indeed  □  may  be  safely  replaced  by  3 
in  each  axiom.  Thus,  we  are  left  with  proving  completeness  “<^=”.  By  Prop.  4.6  we  may  assume  that  the 
processes  t  and  u  are  in  normal  form.  If  neither  t  nor  u  possesses  an  optional  cr-summand,  we  are  done  by 
Lemma  4.8.  Otherwise,  we  proceed  by  induction  on  the  sum  of  the  process  sizes  of  t  and  u  as  follows. 

We  first  apply  Lemma  4.7(2)  to  t  =  Ejg/  ]’  ^  =  '^jeJ  I  ],  and  B  =  {Pj  \  j  £  J}, 

which  yields  Yl{iei  \  oieB}  2.  J2{jeJ  \  ft-GR}  least  one  of  t^  and  is  missing,  we  may  apply 

the  induction  hypothesis  to  conclude  h  Yl{iei  {aieB}  —  Yl{jeJ\PjeB} 
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Furthermore,  by  Lemma  4.7(3),  Yl{iei\a  I"*"  ]  5  0  [+  ]•  If  B  ^  0,  one  can  apply 

the  induction  hypothesis  to  conclude  that  this  relation  is  also  derivable  in  our  axiom  system,  and  we  are 
done.  Otherwise,  both  t  and  u  possess  a  cr-transition,  which  yields  Yliei  [+  ]  3  by  the  definition 

of  with  Wct  =  0  if  the  summand  cr.Ufj  is  absent.  According  to  the  induction  hypothesis  (observe  that  at 
least  one  a  is  missing  when  compared  to  t  and  u)  we  obtain  h  ["*"  Hence,  we  may 

conclude  h  [+ cr.t,,  ]  □  (T.(^  aj.tj)  [  +  cr.t,,  ]  □  (T.(  ^ aj.t*  [  +  ] )  □  a.u^  □  Q[+(j.u„] 

by  Axioms  (P5),  (P4),  and  (A4),  by  the  above,  and  by  the  fact  1-0  + cr.  0  =  0.  □ 

It  is  very  desirable  to  extend  our  axiomatization  to  cover  parallel  composition,  too,  but  this  is  non-trivial 
and  still  an  open  problem.  As  already  mentioned,  cr.a.O  |  (T.6.0  is  strictly  faster  than  a.a.a.b.Q  +  a.b.a.a.Q] 
but  since  a  is  synchronized,  a  more  sensible  expansion  law  would  try  to  equate  a.a.O  \  a.b.O  with  (T.{a.O  \  6.0). 
Unfortunately,  this  law  does  not  hold,  since  the  latter  process  can  engage  in  an  a-transition  to  0  |  6.0  and 
is  therefore  strictly  faster.  Thus,  our  situation  is  the  same  as  in  Moller  and  Tofts’  paper  [29]  which  also 
considers  a  bisimulation-type  faster-than  relation  for  asynchronous  processes,  but  which  deals  with  best- 
case  rather  than  worst-case  timing  behavior.  It  turns  out  that  the  axioms  for  the  sequential  sub-calculus 
given  in  [29]  are  all  true  in  our  setting;  however,  we  have  the  additional  Axioms  (PI)  and  (P2)  which  both 
are  valid  since  a  is  just  a  potential  delay  that  can  occur  in  certain  contexts.  Also  Moller  and  Tofts  do  not 
treat  parallel  composition  completely,  just  some  expansion-like  inequalities  are  listed.  Once  we  know  how 
parallel  composition  can  be  dealt  with,  extending  our  axiomatization  to  regular  sequential  processes,  i.e., 
the  class  of  finite-state  sequential  processes  that  do  not  contain  restriction  and  relabeling  operators  inside 
recursion,  can  be  done  by  adapting  Milner’s  technique  for  uniquely  characterizing  recursive  processes  by 
systems  of  equations  in  normal  form  [25] . 


4.3.  Abstracting  from  Internal  Compntation.  The  strong  faster-than  precongruence  introduced 
in  Sec.  4.1  is  too  discriminating  for  verifying  systems  in  practice.  It  requires  that  two  systems  have  to 
match  each  others  action  transitions  exactly,  even  those  labeled  with  the  internal  action  r.  Consequently, 
one  would  like  to  abstract  from  r’s  and  develop  a  faster-than  precongruence  from  the  point  of  view  of  an 
external  observer.  As  our  algebra  is  a  derivative  of  CCS,  our  approach  closely  follows  the  lines  of  [26]. 

We  start  off  with  the  definition  of  a  naive  weak  faster-than  preorder  which  requires  us  to  introduce  the 
following  auxiliary  notations.  For  any  action  a,  we  define  a  =df  e,  if  a  =  r,  and  a  =df  a,  otherwise.  Further, 
we  let  =df  — ^  and  write  P  Q  if  there  exist  R  and  S  such  that  P  R  S  Q. 

Definition  4.10  (Naive  weak  faster-than  preorder).  A  relation  TZ  CV  xV  is  a  naive  weak  faster-than 
relation  if  the  following  eonditions  hold  for  all  {P,  Q)  G  TZ  and  a  &  A. 

1.  P  P'  implies  3Q' .Q  Q'  and  {P',Q')  G  TZ. 

2.  Q  ^Q'  implies  3P' .  P  ^  P'  and  {P',Q')  G  TZ. 

3.  PA^P'  implies  3Q',Q",  Q'" .  Q  ^  Q"  Q"'  ^  Q'  and  {P',Q')  G  TZ. 

We  write  P  if  {P,  Q)  G  TZ  for  some  naive  weak  faster-than  relation  TZ. 

Since  no  urgent  action  sets  are  considered,  it  is  easy  to  see  that  3^^  is  not  a  precongruence.  To  get  closer 
to  our  goal  to  define  an  observational  faster-than  precongruence,  we  re-define  the  third  clause  of  the  above 
definition;  please  note  the  analogy  to  the  third  clause  of  Def.  4.1. 

Definition  4.11  (Weak  faster-than  preorder).  A  relation  TZ  CV  xV  is  a  weak  faster-than  relation  if 
the  following  eonditions  hold  for  all  {P,  Q)  G  TZ  and  a  &  A. 


20 


1.  P  P'  implies  3Q'.Q  Q'  and  {P',Q')  G  P. 

2.  Q  ^Q'  implies  3P' .  P  ^  P'  and  {P',Q')  G  7^. 

3.  P^P'  implies  3Q',Q",  Q'" .  Q  ^  Q"  ^  Q"'  ^  Q' ,  U{Q")  C  U{P),  and  {P',Q')  G  7^. 

We  write  P  if  {P,  Q)  £  P  for  some  weak  faster-than  relation  P. 

From  this  definition  we  may  conclude  that  5  is  the  largest  weak  faster-than  relation  and  that  ~  is  a  preorder. 
In  addition,  the  following  proposition  holds. 

Proposition  4.12.  The  relation  3  is  a  preeongruenee  for  all  operators  exeept  summation.  Moreover, 
~  is  eharaeterized  as  the  largest  sueh  preeongruenee  eontained  in 

Proof.  In  the  following  we  prove  the  precongruence  property,  i.e.,  we  show  that  ~  is  compositional  with 
respect  to  action  prefixing,  clock  prefixing,  parallel  composition,  restriction,  relabeling,  and  recursion.  Most 
cases  are  standard  and  can  be  checked  along  the  lines  of  [26].  The  case  of  clock  prefixing  is  also  easy  and 
quite  similar  to  the  “strong”  case.  Therefore,  we  restrict  ourselves  to  the  case  of  parallel  composition.  For 
this  proof,  the  following  property  turns  out  to  be  useful.  Let  P,  P' ,  Q  £  V  such  that  P  P' .  Then 

P\Q^P'\Q  and  Q\P^Q\P'  (4.1) 

This  property  can  be  proved  by  induction  on  the  “length”  of  the  weak  transition  P  P' .  For  the 
compositionality  proof  regarding  parallel  composition,  it  is  by  Def.  4.11  sufficient  to  establish  that 

P=d({{P\R,Q\R)\P^Q,  R&P} 

is  a  weak  faster-than  relation.  Let  {P\R,Q\R)  be  an  arbitrary  pair  in  P. 

•  Aetion  transitions:  The  cases  where  P\R  S  and  Q\R  S,  for  some  S  £  V  and  a  £  A  are 
standard. 

•  Cloek  transitions:  Let  P\R  S  for  some  S  £  V.  By  the  only  applicable  Rule  (tCom)  we  know 

that  (i)  P  P'  for  some  P'  £V,  (ii)  R  R'  for  some  R'  £V,  (iii)  1({P)  fl  ll{R)  =  0  as  well  as 
r  ^  h((P)  and  r  ^  U{R),  and  (iv)  S  =  P'\R' .  Since  PAQ,  there  exist  terms  Q',Q'',Q"'  £  V  such 
that  Q  Q"  Q'"  Q' ,  U{Q")  C  U{P),  and  P'  AQ' .  First,  observe  that  U{Q")  n  U{R)  C 

U{P)(MA{R)  =  0  and  that  r  ^  U(Q").  Applying  Property  (4.1)  and  Rule  (tCom)  again,  we  conclude 
Q\R  ^  Q''\R  Q'"\R'  ^  Q'\R'.  Moreover,  U{Q''\R)  =  U{Q'')  yjU{R)  C  U{P)  yjU{R)  = 

U{P\R),  since  r  ^  U{Q"),  r  ^  U{P),  and  r  ^  U{R).  Finally,  {P'\R' ,Q'\R')  £  P  holds  due  to  the 
definition  of  P,  which  completes  this  proof  part. 

To  conclude  this  part  of  the  proof,  we  want  to  remark  that,  in  order  to  show  3  to  be  compositional  with 
respect  to  recursion,  we  need  to  define  a  notion  of  weak  faster-than  preorder  up  to  ~  (cf.  [33]),  which  can  be 
done  in  the  obvious  fashion.  Then,  the  proof  is  similar  to  the  corresponding  one  in  [26]. 

We  are  left  with  establishing  the  “largest”  claim.  From  universal  algebra  we  know  that  the  largest 
precongruence  — for  all  operators  except  summation —  contained  in  exists.  Since  3  is  such  a  pre¬ 

congruence,  the  inclusion  ~  C  holds.  Thus,  it  remains  to  show  3^^  C  A.  Consider  the  relation 
=df  {{P,  Q)  I  Cpq[P]  PpqIQW^  where  the  terms  Cpq[x]  are  defined  as  in  the  proof  of  Thm.  4.2.  Since  x 
is  simply  put  in  parallel  with  process  PlpQ  in  Cpq[x],  we  have  that  P  Q  implies  Cpq[P]  Cpq[Q]  and 
Cpq[P]  ^^CpqIQ]')  conclude  that  C  3^.  The  other  necessary  inclusion,  C  3,  is  established  by 
proving  that  3^  is  a  weak  faster-than  relation.  Let  P,Q  £V  such  that  PA^Q,  and  consider  the  following 
two  situations. 
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•  Situation  1:  Let  P  P'  for  some  P'  £V  and  some  a  £  A.  According  to  our  operational  semantics 
we  may  derive  Cpq[P]  =  P\Hpq  P'\Hpq  =  Cpq[P'].  This  transition  can  only  be  matched  by  a 
corresponding  weak  transition  of  Q,  say  Q  Q' ,  for  some  Q'  £V,  since  only  process  Hpq  has  the 
distinguished  action  e  enabled.  Therefore,  we  have  Cpq[Q]  =  Q\PIpq  Q'\Hpq  =  Cpq[Q']  and 
(^pq[P']  ^n^PQlQ']-  Because sort(P')  C  sort(P)  andsort((3')  C  sort((3),  also Cp-q- [P']  2^Cp'Q'[Q'] 
holds.  Thus,  P'  Q'.  The  case  where  Q  Q' ,  for  some  Q'  £V  and  some  a  €  is  analogue. 

•  Situation  2:  Let  P  P'  for  some  P'  £  V.  As  illustrated  in  Fig.  4.2,  Cpq[P]  can  perform  a 
r-transition  to  P\PIl,  where  Pip  =df  Dp  +  dp. Hpq  and  L  =df  {c|  c  €  (sort(P)  U  sort((3))  \  L({P)}. 
Then,  P\Hp  can  engage  in  a  cr-transition  to  P'\Hp  according  to  Rule  (tCom).  Finally,  we  consider 
the  step  P'\Hp  ^P'\HpQ. 

P\  Hpq  Q  I  Hpq 

T  e 

P  \{Dp  +  dp.HpQ)  Q"  \{Dp  +  dp.HpQ) 

<7  <7 

P'\{Dp  +  dp.HpQ)  Q"'\{Dp  +  dp.HpQ) 

dp  dp 

P'\  Hpq  Q'\  Hpq 

Fig.  4.2.  Largest  precongruence  proof:  Illustration  of  Situation  (2) 

Let  US  have  a  look  at  the  first  step.  Since  Cpq[P]  Cpq[Q],  we  have  Cpq[Q]  LF",  for  some 
W  £  V.  We  know  that  Hpq  has  to  perform  a  r-transition  to  Hp  but  cannot  take  part  in  a 
communication,  since  e  and  dp  are  distinguished  actions.  However,  Q  may  be  able  to  perform  some 
r-transitions  to  some  process  Q”  £  V,  i.e.,  Q  Q”  and  P\Hp  Q"\Hp. 

Now  we  consider  the  more  interesting  second  step.  Since  P\Hp  3^^  Q''\Hp,  we  know  of  the  existence 
of  some  W"  £  T  such  that  Q"\Hp  W"  and  P'\HpA^W"' .  According  to  our  operational 
semantics,  Q"  and  Hp  have  to  perform  a  naive  temporal  weak  cr-transition.  Since  Hp  cannot  take 
part  in  a  communication  (see  above),  it  can  only  engage  in  an  idling  cr-transition  Hp  Hp,  and 

we  conclude  W"'  =  Q"'\Hp  for  some  process  Q'"  £  V  such  that  Q"  Q'" ,  i.e.,  Q"  Q'C 

^  Q'"  for  some  G  V.  Then,  Q"\Hp  ^  Q'i'\Hp  Q'i'\Hp  ^  Q'"\Hp  must  hold. 

According  to  Rule  (tCom)  the  condition  L({Q”')  fl  U{Hp)  =  0  has  to  be  satisfied  in  order  that  the 
clock  tick  may  occur.  By  the  choice  of  L,  this  condition  implies  U{Q'i)  C  U{P),  as  desired. 
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Finally,  let  P'\Hl  ^  P'\Hpq  =  Cpq[P'].  Since  P'\Hl  we  have  Q"'\Hl  ^  W,  for 

some  W  e  V.  We  know  that  Pip  performs  its  d^-transition  to  Hpq  since  e  is  a  distinguished 
action.  However,  Q'"  may  engage  in  some  r-transitions  to  some  Q'  €  V,  i.e.,  Q'"  Q' ,  and 

Cpq[P']  =  P'\Hpq  Q'\Hpq  =  CpqIQ']. 

We  have  established  the  existence  of  processes  Q',  Q”' ,  Q2  G  V  such  that  Q  Q'”  Q2  Q' 
and  U(Q'I')  C  U(P).  Also  Cp.Q.[P']  2^Cp.q.[Q']  holds,  i.e.,  P' since  Cpq[P']  2^Cpq[Q'], 
sort(P')  C  sort(P),  and  sort((3')  C  sort((3). 

Thus,  is  indeed  a  weak  faster-than  relation,  and  we  are  done.  □ 

The  reason  for  the  non-compositionality  of  the  summation  operator  is  similar  to  that  with  respect  to  obser¬ 
vational  equivalence  in  CCS  [26].  Fortunately,  the  summation  fix  used  for  other  bisimulation-based  timed 
process  algebras,  such  as  CSA  [11],  proves  effective  for  TAGS,  too. 

Definition  4.13  (Weak  faster-than  precongruence).  A  relation  TZ  C  V  x  V  is  a  weak  faster-than 
precongruence  relation  if  the  following  eonditions  hold  for  all  {P,  Q)  G  TZ  and  a  &  A. 

1.  P  P'  implies  3Q' .  Q  Q'  and  P'  AQ' . 

2.  Q  Q'  implies  3P' .  P  P'  and  P'  A  Q' . 

3.  P  ^  P'  implies  U{Q)  C  U{P),  and  3Q' .  Q  ^  Q'  and  {P',Q')  G  TZ. 

We  write  P  AQ  if  {P,  Q)  G  TZ  for  some  weak  faster-than  preeongruenee  relation  TZ. 

We  first  show  that  A  is  indeed  a  precongruence  and  also  present  a  simple  full-abstraction  result. 
Proposition  4.14.  The  relation  3  is  the  largest  preeongruenee  eontained  in  3  . 

Proof.  The  compositionality  of  A  is  easy  to  show  for  the  cases  of  action  and  clock  prefixing,  restriction, 
and  relabeling.  In  the  following  we  deal  with  the  remaining,  more  interesting  cases.  Let  P,Q,R,S  £  V  be 
such  that  P  AQ  and  RAS.  Then  (1)  P\R  AQ\R  and  (2)  P  +  R  AQ  +  R,  which  is  established  as  follows. 

1.  According  to  Def.  4.13,  it  is  sufficient  to  prove  that  the  relation 

TZ=d({{P\R,Q\R)  \PAQ-,R£P} 

is  a  weak  faster-than  precongruence  relation.  Let  {P\R,Q\R)  £TZhe  arbitrary. 

•  Aetion  transitions:  The  cases  where  P\R  S  or  Q\R  S,  for  some  S  £V  and  a  £  A,  are 
standard. 

•  Cloek  transitions:  Let  P\R  S,  for  some  S  £  V.  This  case  can  easily  be  treated  along  the 
lines  of  the  corresponding  case  in  the  proof  of  the  precongruence  property  of  3- 

2.  By  Def.  4.13  it  is  sufficient  to  establish  that  the  relation 

TZ  =df  {{P  +  R,Q  +  R)  \  P  AQ 

is  a  weak  faster-than  precongruence  relation.  Let  {P  +  R,Q  +  R)  £TZhe  arbitrary. 

•  Aetion  transitions:  Let  P  +  R  V,  for  some  a  £  A  and  V  £V.  Since  the  operational  rules 
for  summation  with  respect  to  actions  are  identical  to  the  ones  in  CCS,  and  the  definition  of 
weak  faster-than  precongruence  coincides  with  the  one  of  observational  congruence  in  CCS  in 
this  particular  case,  the  proof  follows  along  the  lines  of  the  corresponding  proof  in  CCS. 

•  Cloek  transitions:  Let  P  +  R  V,  for  some  V  £  V,  i.e.,  P  P'  and  R  R'  for 
some  P',R'  £  V,  and  V  =  P'  +  R'  hy  Rule  (tSum).  Since  PAQ  we  know  of  the  existence  of 
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some  Q'  G  V  such  that  Q  Q' ,  U{Q)  C  U{P),  and  P'  ^Q'.  Therefore,  we  may  conclude 
Q  +  R  Q'  +  R'  by  Rule  (tSum),  as  well  as  {P'  +  R' ,Q'  +  R')  €  7?.  by  the  definition  of  TZ. 
Moreover,  we  have  U{Q  +  R)  =  U{Q)  U  U{R)  C  U{P)  U  U{R)  =U{P  +  R)  by  the  definition  of 
urgent  action  sets,  which  finishes  this  part  of  the  proof. 

To  show  that  3  is  compositional  with  respect  to  recursion,  we  have  to  adapt  a  notion  of  “up  to”  again. 

A  relation  TZ  CV  x  V  is  &  weak  faster-than  precongruence  relation  up  to  3  if  the  following 
conditions  hold  for  every  {P,  Q)  £TZ  and  a  £  A. 

1.  P  P'  implies  3Q'.Q  Q'  and  P'  TZA  Q' ,  and 

2.  Q  Q'  implies  3P' .  P  P'  and  P'  ATZ  Q' ,  and 

3.  P  ^  P'  implies  3Q'.Q  Q' ,  U{Q)  C  U{P),  and  P'  TZ2  Q' . 

The  proof  follows  pretty  much  the  standard  lines  (cf.  [26])  and,  therefore,  is  omitted  here. 

We  are  left  with  establishing  the  “largest”  claim.  From  universal  algebra  we  know  that  the  largest 
precongruence  3"*^  in  3  exists  and  also  that  3"*^  =  {(P,  Q)  \  yC[x].C[P]  3  Since  3  is  a  precongruence 

which  is  contained  in  3,  the  inclusion  3  C  3"*^  holds.  Thus,  it  remains  to  show  3"*^  C  5.  Consider  the 
relation  =df  {{P,Q)  \  P  +  c.O  A  Q  +  c.O ,  where  c  ^  sort(P)  U  sort((3)}.  By  definition  of  we  have 
3  C  5^.  We  establish  the  other  necessary  inclusion  C  3  by  proving  that  is  a  weak  faster-than 
precongruence  relation.  Let  P  Q,  i.e.,  P  +  c.O  A  Q  +  c.O,  and  distinguish  the  following  cases. 

•  Action  transitions:  Let  P  P' ,  i.e.,  a  ^  c  and  P  +  c.O  P'  by  Rule  (Suml).  Since  P 

we  conclude  the  existence  of  some  V  £  V  satisfying  Q  +  c.O  V  and  P' AV .  Because  c  is  a 
distinguished  action  we  have  V  ^  Q  and,  thus,  V  =  Q'  and  Q  Q' ,  for  some  Q'  £  V. 

•  Clock  transitions:  Let  P  P' .  By  Rules  (tAct)  and  (tSum),  P  +  c.O  P'  +  c.O  holds.  Since 
P^aQ  we  know  of  the  existence  of  some  V,V' ,V''  £  V  such  that  Q  +  c.O  V  V"  V, 
U(V')  C  U{P),  and  P'  +  c.O  3  V.  Because  c  is  a  distinguished  action  not  in  the  sorts  of  P 
and  Q,  we  conclude  V  =  Q  +  c.O,  V"  =  Q'  +  c.O  for  some  Q'  £  V,  V  =  V" ,  Q  Q' ,  and 
U{Q)  C  U{P).  Moreover,  P'  Q'  by  the  definition  of  and  the  fact  that  sort(P')  C  sort(P)  and 
sort((3')  C  sort((3). 

This  shows  that  is  a  weak  faster-than  precongruence  relation.  Hence,  C  5,  as  desired.  □ 

Now  we  are  able  to  state  the  main  theorem  of  this  section. 

Theorem  4.15  (Full-abstraction).  The  relation  A  is  the  largest  precongruence  contained  in 

Proof.  The  claim  follows  from  a  general  result  established  in  universal  algebra  since  (1)  3  is  the  largest 
precongruence  — for  all  operators  except  summation —  contained  in  (cf.  Prop.  4.12)  and  since  (2)  A  is 

the  largest  precongruence  — for  all  operators  including  summation —  contained  in  3  (cf.  Prop.  4.14).  □ 


5.  Example.  We  demonstrate  the  utility  of  our  semantic  theory  for  TAGS  by  means  of  a  small  example 
dealing  with  two  implementations  of  a  2-place  storage  in  terms  of  an  array  and  a  buffer,  respectively.  Both 
can  be  defined  using  some  definition  of  a  1-place  buffer,  e.g.,  Bg  =df  fix. a. in.  out. x,  which  can  alternately 
engage  in  communications  with  the  environment  on  channels  in  and  out  [26].  Observe  that  we  assume  a 
communication  on  channel  out  to  be  urgent,  while  process  Bg  may  autonomously  delay  a  communication 
on  channel  in  by  one  clock  tick  (cf.  the  single  clock-prefix  in  front  of  action  in).  Finally,  subscript  e  of 
process  Bg  should  indicate  that  the  1-place  buffer  is  initially  empty.  On  the  basis  of  Bg ,  one  may  now  define 
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Fig.  5.1.  Semantics  of  the  array  variant  (left)  and  the  buffer  variant  (right). 
a  2-place  array  2arr  and  a  2-place  buffer  2buf  as  follows: 

2arr  =df  Bg\Bg  and  2buf  =df  {Bg[c/out]\Bg[c/in])\{c}  . 

While  2arr  is  simply  the  (independent)  parallel  composition  of  two  1-place  buffers,  2buf  is  constructed 
by  sequencing  two  1-place  buffers,  i.e.,  by  taking  the  output  of  the  first  1-place  buffer  to  be  the  input  of 
the  second  one  (cf.  the  auxiliary  internal  channel  c).  Intuitively,  we  expect  the  array  to  behave  functionally 
identical  to  the  buffer,  i.e.,  both  should  alternate  between  in  and  out  actions.  However,  2arr  should  be 
faster  than  2buf  since  it  can  always  output  some  of  its  contents  immediately.  In  contrast,  2buf  needs  to 
pass  any  item  from  the  first  to  the  second  buffer  cell,  before  it  can  output  the  item. 

The  semantics  of  the  2-place  array  2arr  and  our  2-place  buffer  2buf  are  depicted  in  Fig.  5.1  on  the 
left  and  right,  respectively.  For  notational  convenience,  we  let  B„  stand  for  the  process  in. out. He  and  Bf  for 
out. He .  Moreover,  we  leave  out  the  restriction  operator  \{c}  in  the  terms  depicted  for  the  buffer  variant.  The 
highlighted  r-transition  indicates  an  urgent  internal  step  of  the  buffer.  Hence,  process  (BflB^)  \  {c}  cannot 
engage  in  a  clock  transition.  The  other  r-transition  depicted  in  Fig.  5.1  is  non-urgent.  As  desired,  our 
semantic  theory  for  TAGS  relates  2arr  and  2buf.  Formally,  this  may  be  witnessed  by  the  weak  faster-than 
relation  given  in  Table  5.1.  It  is  easy  to  check,  by  employing  Def.  4.11,  that  this  relation  is  indeed  a  weak 
faster-than  preorder,  whence  2arr  3  2buf.  Moreover,  since  both  2arr  and  2buf  does  not  possess  any 
initial  internal  transitions,  they  can  also  easily  be  proved  to  be  weak  faster-than  precongruent,  according 
to  Def.  4.13.  Thus,  2arr  3  2buf,  i.e.,  the  2-place  array  is  faster  than  the  2-place  buffer  in  all  contexts, 
although  functionally  equivalent,  which  matches  our  abovementioned  intuition. 

6.  Discussion  and  Related  Work.  This  section  highlights  the  unique  features  of  our  approach  when 
compared  to  related  work.  There  exists  a  large  number  of  papers  on  both  continuous  and  discrete  timed 
process  algebras;  we  refer  the  reader  to  [6]  for  a  survey.  Usually,  these  algebras  focus  on  modeling  synchronous 
systems,  where  components  are  under  the  regime  of  a  global  clock,  and  do  not  present  faster-than  relations. 
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Table  5.1 

Pairs  in  the  considered  weak  faster-than  relation 
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The  latter  is  not  surprising  because,  as  argued  in  [29],  it  seems  unlikely  that,  for  synchronous  systems,  a 
faster-than  preorder  satisfying  a  few  reasonable  properties  and  being  a  precongruence  for  parallel  composition 
exists.  Traditionally,  timed  process  algebras  aiming  at  reasoning  about  synchronous  systems  have  two 
common  features:  a  delay  operator  specifying  the  exact  time  a  process  has  to  wait  before  it  can  proceed, 
and  a  timeout  operator  stating  which  enabled  actions  are  withdrawn  and  which  ones  are  additionally  offered 
at  a  particular  instant  of  time.  In  contrast,  our  work  deals  with  asynchronous  systems  where  actions  are 
not  enabled  or  disabled  as  time  passes.  Indeed,  we  added  discrete  time  to  CCS  simply  to  evaluate  the 
performance  of  asynchronous  processes  and  not  to  increase  the  functional  expressiveness  of  CCS.  We  did 
this  by  introducing  a  clock  prefix  operator  specifying  a  single  time  bound  which  we  interpreted  as  upper 
bound  for  delays.  Some  other  timed  process  algebras  annotate  actions  or  processes  with  upper  as  well  as 
with  lower  time  bounds  in  the  form  of  timing  intervals  [5,  15];  however,  no  faster-than  relations  have  been 
defined  in  these  settings. 

The  idea  to  investigate  a  (bi)  simulation-based  approach  to  compare  the  worst-case  timing  behavior 
of  asynchronous  systems  was  born  out  of  the  second  author’s  research  on  faster-than  preorders  developed 
around  DeNicola  and  Hennessy’s  testing  theory  [16].  This  research  was  first  conducted  within  the  setting 
of  Petri  nets  [9,  22,  35,  36]  and  then  for  a  TCSP-style  [34]  process  algebra,  called  PAPAS  [23,  37].  The 
justification  for  adopting  a  testing  approach  is  reflected  in  a  fundamental  result  stating  that  the  faster-than 
testing  preorder  based  on  continuous-time  semantics  coincides  with  the  analogue  testing  preorder  based 
on  discrete-time  semantics  [23].  This  result,  however,  depends  very  much  on  the  testing  setting  and  is 
different  from  the  sort  of  discretization  obtained  for  timed  automata  [2].  Nevertheless,  PAPAS  has  certain 
disadvantages  when  compared  to  TAGS.  Pirst  of  all,  note  that  TAGS  allows  one  to  specify  arbitrary  upper 
time  bounds  by  nesting  cr-prefixes.  In  PAPAS,  every  action  has  the  same  integrated  upper  time  bound, 
namely  1,  i.e.,  an  a-prefix  in  PAPAS  corresponds  to  a  (T.a.-prefix  in  TAGS.  Our  algebra  TAGS  is  also  more 
expressive  than  PAPAS  from  a  different  point  of  view.  Consider  a  process  of  the  form  (t.{P\Q),  for  which 
the  best  counterpart  in  PAPAS  is  t.{P\Q).  Here,  the  r-step  incorporates  a  potential  delay,  but  it  can  also 
decide  choices  which  a  cr-step  cannot.  Moreover,  the  equational  laws  established  for  the  faster-than  testing 
preorder  of  PAPAS,  which  provided  an  axiomatization  for  the  class  of  finite  sequential  processes  just  as  we 
did  in  this  paper,  are  quite  complicated.  In  contrast,  the  simple  axioms  presented  here  provide  a  clear, 
comprehensive  insight  into  our  semantics. 

Some  researchers  consider  testing  [16]  to  be  the  more  intuitive  approach  to  semantics  than  bisimula¬ 
tion  [26].  However,  we  feel  that  both  are  related  within  our  setting.  Essentially,  the  faster-than  testing 
preorder  presented  for  PAPAS  in  [23]  is  characterized  as  inclusion  of  traces  annotated  by  refusal  sets  which 
underly  the  TAGS  approach,  too.  In  our  faster-than  precongruences  we  require  that,  when  a  time  step  is 
matched,  the  urgent  action  set  of  the  faster  process  contains  the  urgent  action  set  of  the  slower  one.  One 


26 


may  also  say  that  non-urgent  actions  can  be  refused  at  this  moment.  If  we  call  a  set  of  non-urgent  actions  a 
refusal  set,  we  could  replace  any  clock  transition  by  multiple  transitions,  one  for  each  refusal  set.  Then,  each 
refusal-set-transition  of  the  faster  process  is  matched  by  an  equally  labeled  transition  of  the  slower  one. 

Regarding  other  research  concerning  faster-than  relations,  our  approach  is  most  closely  related  to  work 
by  Moller  and  Tofts  [29]  who  developed  a  bisimulation-based  faster-than  preorder  within  the  discrete¬ 
time  process  algebra  H  TCCS.  In  their  approach,  asynchronous  processes  are  modeled  without  any  progress 
assumption.  Instead,  processes  may  idle  arbitrarily  long  and,  in  addition,  fixed  delays  may  be  specified. 
Hence,  their  setting  considers  best-case  behavior,  as  the  worst-case  would  be  that  for  an  arbitrary  long 
time  nothing  happens.  Moller  and  Tofts  present  an  axiomatization  of  their  faster-than  preorder  for  finite 
sequential  processes  and  discuss  the  problem  of  axiomatizing  parallel  composition,  for  which  only  valid  laws 
for  special  cases  are  provided  (cf.  Sec.  4.2).  It  has  to  be  mentioned  here  that  the  axioms  and  the  behavioral 
preorder  of  Moller  and  Tofts  do  not  completely  correspond.  In  fact,  writing  a  for  what  is  actually  written  (1) 
in  [29],  a.a.b.O  +  a. 6.0  is  equally  fast  as  a. 6.0,  which  does  not  seem  to  be  derivable  from  the  axioms.  Also, 
the  intuition  behind  relating  these  processes  is  not  so  clear,  since  a.a.a.b.O  +  a.a.b.O  is  not  necessarily  faster 
than  or  equally  fast  as  a.a.b.O.  Since  the  publication  in  1991,  also  Moller  and  Tofts  noticed  this  shortcoming 
of  their  preorder  [27].  The  problem  seems  to  lie  in  the  way  in  which  a  transition  P  P'  of  the  faster 
process  is  matched:  For  intuitive  reasons,  the  slower  process  must  be  allowed  to  perform  time  steps  before 
engaging  in  a.  Now  the  slower  process  is  ahead  in  time,  whence  P'  should  be  allowed  some  additional  time 
steps.  What  might  be  wrong  is  that  P'  must  perform  these  additional  time  steps  immediately.  We  assume 
that  a  version  of  our  indexed  faster-than  relation,  which  relaxes  the  latter  requirement,  would  be  more 
satisfactory.  It  would  also  be  interesting  to  study  the  resulting  preorder  and  compare  it  in  detail  to  our 
faster-than  precongruence;  this  should  give  a  better  understanding  what  worst-case  and  best-case  timing 
behavior  means  for  asynchronous  systems  in  (bi) simulation-based  settings. 

A  different  idea  for  relating  processes  with  respect  to  speed  was  investigated  by  Corradini  et  al.  [14]  within 
the  so-called  ill-timed-but-well-caused  approach  [1,  17].  The  key  of  this  approach  is  that  components  attach 
local  time  stamps  to  actions;  however,  actions  occur  as  in  an  untimed  algebra.  Hence,  in  a  sequence  of  actions 
exhibited  by  different  processes  running  in  parallel,  local  time  stamps  might  decrease.  This  way,  the  timed 
algebra  technically  stays  very  close  to  untimed  ones,  but  the  “ill-timed”  runs  make  the  faster-than  preorder 
of  Corradini  et  al.  difficult  to  relate  to  our  approach. 

Other  research  compares  the  efficiency  of  untimed  CCS-like  terms  by  counting  internal  actions  either 
within  a  testing  framework  [13,  31]  or  a  bisimulation-based  setting  [3,  4].  In  all  these  approaches,  except 
in  [13]  which  does  not  consider  parallel  composition,  runs  of  parallel  processes  are  seen  to  be  the  interleaved 
runs  of  their  component  processes.  Consequently,  e.g.,  process  (r.a.O  j  r.a.6.0)  \  {a}  is  as  efficient  as  process 
r.r.r.6.0,  whereas  in  our  setting  {a.a.O  \  a.a.b.O)  \  {a}  is  strictly  faster  than  a.a.r.b.O. 

7.  Conclusions  and  Future  Work.  To  consider  the  worst-case  efficiency  of  asynchronous  processes, 
i.e.,  those  processes  whose  functional  behavior  is  not  influenced  by  timing  issues,  we  defined  the  process 
algebra  TAGS.  This  algebra  conservatively  extends  CCS  by  a  clock  prefix,  which  represents  a  delay  of 
at  most  one  time  unit,  and  it  takes  time  to  be  discrete.  For  TAGS  processes  we  then  introduced  a  simple 
(bi) simulation-based  faster-than  preorder  and  showed  this  to  coincide  with  two  other  variants  of  the  preorder, 
both  of  which  might  be  intuitively  more  convincing  but  which  are  certainly  more  complicated.  We  also 
developed  a  semantic  theory  for  our  faster-than  preorder,  including  a  coarsest  precongruence  result  and  an 
axiomatization  for  finite  sequential  processes,  and  investigated  a  corresponding  “weak”  preorder. 
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Future  work  should  proceed  along  two  orthogonal  directions  involving  both  theoretical  and  practical 
aspects.  From  a  theory  point  of  view,  we  intend  to  extend  our  axiomatization  to  larger  classes  of  processes 
and  also  to  our  weak  faster-than  preorder.  Recent  papers  provide  an  outline  how  the  latter  can  be  done  for 
recursive  processes  in  the  presence  of  preemption  [10,  20];  as  a  first  step,  one  could  also  restrict  attention 
to  processes  where  parallel  composition  only  occurs  as  top-level  operator.  Moreover,  it  remains  an  open 
question  whether  the  faster-than  precongruence,  when  defined  for  continuous  time,  coincides  with  the  one 
presented  here  for  discrete  time,  as  is  the  case  in  the  testing  scenario  presented  in  [35].  For  putting  the  novel 
theory  into  practice,  we  plan  to  implement  our  process  algebra  and  a  decision  procedure  for  our  faster-than 
precongruence  in  the  Concurrency  Workbench  [12],  a  formal  verification  tool. 
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